Microsoft Build Engine Abused To Deliver Password Stealing Malware

Threat actors are abusing Microsoft Build Engine (MSBuild) to deploy RATs and data-stealing malware in an ongoing campaign.

Malicious MSBuild project files delivered in this campaign bundled encoded executables and shellcode that the threat actors used to inject the final payloads into the memory of newly spawned processes, according to Anomali's Threat Research team.

Once the RATs are installed on a targeted system, they can be used to harvest keystrokes, credentials, and screen snapshots, disable anti-malware software, gain persistence, and fully take over the devices remotely.
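
Project files that carry encoded executables can be triaged statically before they are ever built. The following is an added example, not code from the article or from Anomali: it assumes the embedded payloads are base64 (the article does not name the encoding), and the 200-character threshold, the `Data` element and both sample projects are constructed for illustration.

```python
import base64
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: payloads are base64; 200+ characters is an arbitrary triage threshold.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (near 8.0 for packed or encrypted data)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def scan_project(xml_text: str) -> list:
    """Flag long encoded blobs in the element text and attributes of a project file."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]          # drop the XML namespace prefix
        for text in [elem.text or "", *elem.attrib.values()]:
            for match in B64_RUN.finditer(text):
                run = match.group(0).rstrip("=")
                try:
                    raw = base64.b64decode(run + "=" * (-len(run) % 4))
                except ValueError:                  # not valid base64 after all
                    continue
                kind = "pe-executable" if raw[:2] == b"MZ" else "opaque-blob"
                findings.append({"element": tag, "kind": kind, "bytes": len(raw),
                                 "entropy": round(entropy(raw), 2)})
    return findings

# Constructed sample input: a harmless 258-byte buffer with a PE-style "MZ" prefix.
NS = "http://schemas.microsoft.com/developer/msbuild/2003"
BLOB = base64.b64encode(b"MZ" + bytes(range(256))).decode()
SUSPICIOUS = f'<Project xmlns="{NS}"><PropertyGroup><Data>{BLOB}</Data></PropertyGroup></Project>'
BENIGN = f'<Project xmlns="{NS}"><Target Name="Build"><Message Text="Building" /></Target></Project>'

if __name__ == "__main__":
    for name, doc in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, scan_project(doc))
```

A hit is a reason to inspect the file, not a verdict: legitimate projects occasionally embed encoded resources, so pair the result with where the file came from and whether MSBuild was launched outside a developer workflow.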

