Researchers at Cyble have identified a highly advanced malware attack that successfully bypasses Google Chrome’s App-Bound Encryption. This security feature was designed to prevent infostealer malware from accessing user data, particularly cookies.
However, the newly discovered malware employs dual injection techniques to circumvent these defenses, allowing cybercriminals to extract sensitive credentials.
The attack begins with a deceptive file distribution method. The malware is embedded within a ZIP file disguised as a PDF document.
When opened, it executes a malicious LNK shortcut file that creates a scheduled task, running every 15 minutes. Another component of the attack is an XML project file, which is designed to appear as a PNG image, further tricking users into engaging with the malicious content.
To execute its payload, the malware exploits MSBuild.exe, a legitimate Microsoft development tool. This enables it to run directly in system memory without creating detectable files on the disk, making it much harder for traditional security solutions to identify and stop the attack. The use of fileless execution techniques ensures that the malware operates stealthily while maintaining persistence on an infected system.
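A defender-side check for the MSBuild stage described above, added here as an example and not code from the Cyble report or the article: it flags process-creation events in which MSBuild.exe is handed an input that is not a project file (such as a .png), points into a user-writable directory, or was spawned by the scheduled-task host. Field names follow a simplified Sysmon Event ID 1 shape, and the sample events are constructed for this example.

```python
import ntpath
import re
# Extensions MSBuild legitimately builds; any other input file on the command line is anomalous.
PROJECT_EXTS = {".proj", ".csproj", ".vbproj", ".fsproj", ".vcxproj", ".sln",
                ".targets", ".props", ".msbuildproj", ".pubxml"}
# Parents consistent with a scheduled-task launch (svchost.exe hosts the Schedule service) or a shortcut.
TASK_PARENTS = {"svchost.exe", "taskeng.exe", "explorer.exe"}
USER_WRITABLE = re.compile(r"\\(Temp|Downloads|AppData|Public|ProgramData)\\", re.IGNORECASE)

def msbuild_findings(event):
    """Return the reasons a process-creation event looks like MSBuild abuse (empty if none)."""
    if ntpath.basename(event["Image"]).lower() != "msbuild.exe":
        return []
    reasons = []
    # Tokenise the command line, keeping quoted paths with spaces together, and drop argv[0].
    args = [a.strip('"') for a in re.findall(r'"[^"]*"|\S+', event["CommandLine"])][1:]
    for arg in args:
        if arg[:1] in ("/", "-"):
            continue  # an MSBuild switch such as /t:Build or /nologo, not an input file
        ext = ntpath.splitext(arg)[1].lower()
        if ext not in PROJECT_EXTS:
            reasons.append(f"non-project input '{ext or 'no extension'}': {arg}")
        if USER_WRITABLE.search(arg):
            reasons.append(f"project file in user-writable location: {arg}")
    parent = ntpath.basename(event["ParentImage"]).lower()
    if parent in TASK_PARENTS:
        reasons.append(f"launched by {parent} (scheduled task or shortcut)")
    return reasons

def scan(events):
    """Return (index, reasons) for every event with at least one finding."""
    flagged = []
    for i, event in enumerate(events):
        reasons = msbuild_findings(event)
        if reasons:
            flagged.append((i, reasons))
    return flagged

# Constructed sample events in a simplified Sysmon Event ID 1 shape, written for this example.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": r'"MSBuild.exe" C:\src\app\app.csproj /t:Build',
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Users\alice\AppData\Local\Temp\image.png",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]
```

Running `scan(SAMPLE_EVENTS)` flags only the second event, with all three reasons; the developer build and the unrelated process produce no findings.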
A key aspect of this attack is its dual injection approach. The malware employs both Process Injection and Reflectiv
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents