A new fileless attack technique that abuses the Microsoft Windows Error Reporting (WER) service is the work of a hacking group that is yet to be identified.
According to Malwarebytes security researchers Hossein Jazi and Jérôme Segura, the attack vector relies on malware burying itself in WER-based executables to avoid arousing suspicion.
In a blog post on Tuesday, the duo said the new “Kraken” attack — albeit not a completely novel technique in itself — was detected on September 17.
A phishing lure document found by the team was packaged in a .ZIP file. Titled “Compensation manual.doc,” the file claims to contain information relating to worker compensation rights but, when opened, is able to trigger a malicious macro.
The macro uses a custom version of the CactusTorch VBA module to spring a fileless attack, made possible