Morphisec cybersecurity experts: The malware, written in .NET, is delivered through an MSI installer and thwarts online AV scanners.
Andrea Lelli, Microsoft Defender ATP Research Team cyber security expert: Cybercrime is spreading a fileless malware campaign to infect victims with Astaroth Trojan
Cybercriminals are running a fileless malware campaign to infect victims with the Astaroth Trojan. The campaign was detected by Andrea Lelli, a cyber security expert on the Microsoft Defender ATP Research Team. Throughout a complex attack chain, it ran only system tools, and the attack involved multiple steps that use various fileless techniques. Astaroth is a notorious info-stealing malware known for stealing sensitive information such as credentials, keystrokes, and other data, which it exfiltrates and sends to a remote attacker. The attacker can then use the stolen data to try moving laterally across networks, carry out financial theft, or sell victim information in the cyber criminal underground.

Telemetry showed a sudden increase in the use of the WMIC tool to run a script, which made the researchers suspect a fileless attack. Upon further investigation, they realized that the campaign was trying to run the Astaroth backdoor directly in memory.
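The telemetry observation above, as an added example (not code from Microsoft or from the original article): a baseline check over process-creation records that flags a day on which WMIC launches rise far above the preceding week. The log format, host names, dates, counts and thresholds are constructed assumptions.

```python
"""Flag days on which WMIC launches rise far above the preceding week."""
from collections import Counter
from datetime import date, datetime, timedelta
from statistics import median


def sample_log():
    """Constructed process-creation records: timestamp,host,image path."""
    wmic = r"C:\Windows\System32\wbem\WMIC.exe"
    other = r"C:\Windows\System32\svchost.exe"
    per_day = [2, 3, 1, 0, 2, 4, 3, 2, 41, 3]  # constructed surge on day 9
    lines = []
    for offset, n in enumerate(per_day):
        day = date(2024, 1, 1) + timedelta(offset)
        lines.append(f"{day}T08:00:00,HOST-A,{other}")
        lines += [f"{day}T09:{m:02d}:00,HOST-{m % 5},{wmic}" for m in range(n)]
    return lines


def daily_wmic_counts(lines):
    """Count wmic.exe process creations per calendar day, quiet days included."""
    counts, seen = Counter(), set()
    for line in lines:
        stamp, _host, image = line.strip().split(",", 2)
        day = datetime.fromisoformat(stamp).date()
        seen.add(day)
        if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "wmic.exe":
            counts[day] += 1
    if not seen:
        return {}
    first, span = min(seen), (max(seen) - min(seen)).days + 1
    # Fill days without WMIC activity with 0 so the baseline is not inflated.
    return {first + timedelta(d): counts[first + timedelta(d)] for d in range(span)}


def find_spikes(counts, window=7, k=5.0, floor=5):
    """Return (day, count, limit) where count > median + k*MAD of the prior window."""
    days, spikes = sorted(counts), []
    for i in range(window, len(days)):
        history = [counts[d] for d in days[i - window:i]]
        med = median(history)
        # MAD is robust to an earlier surge; 'or 1' avoids a zero-width band.
        mad = median(abs(x - med) for x in history) or 1
        limit = max(med + k * mad, floor)
        if counts[days[i]] > limit:
            spikes.append((days[i], counts[days[i]], limit))
    return spikes


if __name__ == "__main__":
    for day, count, limit in find_spikes(daily_wmic_counts(sample_log())):
        print(f"{day}: {count} WMIC launches (limit {limit:g}) - review command lines")
```

A flagged day is only a lead: the next step is to review the WMIC command lines and parent processes recorded for that day.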
The cyber security experts: The steps of the fileless malware attacks