By Ionut Arghire on May 04, 2022
Threat hunters at Kaspersky are publicly documenting a malicious campaign that abuses Windows event logs to store fileless last-stage Trojans and keep them hidden in the file system.
In a research report published Wednesday, Kaspersky said the first phase of the campaign started around September 2021, with the threat actor luring victims into downloading a digitally signed Cobalt Strike module.
The use of event logs for malware stashing is a technique that Kaspersky’s security researchers say they have not seen before in live malware attacks.