“Fileless” malware is yet another offensive threat in the field of cybercrime. This threat came to light after nearly 140 major organizations, spanning 40 countries all over the world, were affected by it. Fileless malware is loaded directly into the memory of the affected machines. Impacted organizations include banks, telecommunications firms, and government agencies. The USA, France, Ecuador, Kenya, the UK, and Russia are some of the most affected countries. Because no file is written to disk, fileless malware goes undetected by most antivirus systems: the usual pattern-based detection at the gateway or on the PC has no dropped file to match. Experts at Kaspersky Lab discovered this threat. Researchers believe that the actual number of affected systems could be much higher but has remained undetected due to the unique nature of the malicious code.

The attacks came to light after Meterpreter, the extensible payload component of the Metasploit framework, was discovered in the memory of a Microsoft domain controller, used in combination with PowerShell. Together they extract the passwords of system administrators without being detected. The attackers were found using the NETSH utility to control the compromised systems. Furthermore, registry-resident malware is written so that once the malicious task is carried out, it deletes itself, which further decreases its chances of detection. While the attackers seem interested in compromising ATM security, their goal still seems unclear at this point.

Fileless malware began with Poweliks, which was initially engineered to perform click fraud; since then it has evolved into a more dynamic threat in the wild. Malware authors now have a new weapon in their arsenal, with several advantages over their previous efforts:
- A high number of zero-day vulnerabilities can be exploited to compromise many computers in an organization
- Fileless malware goes undetected by traditional antivirus solutions and other signature-based detection techniques
- Modular exploit kits can be built that are flexible and sophisticated
- Spreading malware, infecting machines with ransomware, and moving to the registry for persistence brings a better ROI (return on investment) for the malware makers
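As an added, defender-side example (not from the article or from Kaspersky's report), the following Python scans constructed Sysmon-style process-creation and registry events for the traces the article names: hidden or encoded PowerShell, netsh used for control, and a registry value that launches a script host. The event shape, rule names and sample values are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Event:
    """Minimal Sysmon-like record (constructed shape, not a real log format)."""
    event_id: int   # 1 = process creation, 13 = registry value set
    target: str     # process image, or registry key path for event 13
    detail: str     # command line, or registry value data for event 13

# Constructed sample telemetry; the encoded blob is base64 of a harmless UTF-16LE string.
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          "powershell.exe -NoP -W Hidden -Enc VwByAGkAdABlAC0ASABvAHMAdAAgACcAaABpACcA"),
    Event(1, r"C:\Windows\System32\netsh.exe",
          "netsh interface portproxy add v4tov4 listenport=4444 "
          "connectaddress=10.0.0.5 connectport=4444"),
    Event(13, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
          'rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";<script body omitted>'),
    Event(1, r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\alice\notes.txt"),
]

# (rule name, event id the rule applies to, pattern matched against the detail field)
RULES = [
    ("encoded_powershell", 1,
     re.compile(r"powershell(\.exe)?\s.*-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden_powershell", 1,
     re.compile(r"powershell(\.exe)?\s.*-w(indowstyle)?\s+hidden", re.I)),
    ("netsh_portproxy", 1,
     re.compile(r"netsh\s+interface\s+portproxy\s+add", re.I)),
    # Registry-resident launcher (Poweliks-style): a registry value that invokes a
    # script host with an inline javascript:/vbscript: body or an encoded payload.
    ("registry_script_persistence", 13,
     re.compile(r"(rundll32|mshta|powershell|wscript).*(javascript:|vbscript:|-enc)", re.I)),
]

def analyze(events):
    """Return [(rule_name, target)] for every event that matches a rule."""
    findings = []
    for ev in events:
        for name, event_id, pattern in RULES:
            if ev.event_id == event_id and pattern.search(ev.detail):
                findings.append((name, ev.target))
    return findings

if __name__ == "__main__":
    for name, target in analyze(SAMPLE_EVENTS):
        print(f"[{name}] {target}")
```

In production the same rules would run over PowerShell script-block logging and Sysmon output rather than a hand-built list, and a match is a triage signal, not a verdict.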