Microsoft Build Engine Abused To Deliver Password Stealing Malware

Threat actors are abusing Microsoft Build Engine (MSBuild) to deploy RATs and data-stealing malware in the ongoing campaign. Malicious MSBuild project files delivered in this campaign bundled encoded executables and shellcode the threat actors used for injecting the final payloads into the memory of newly spawned processes, according to Anomali's Threat Research team. Once the RATs are installed on a targeted system, they can be used to harvest keystrokes, credentials, and screen snapshots, disable anti-malware software, gain persistence, and fully take over the devices remotely. Read more...