Cybersecurity experts have detected a new variant of the Masslogger malware campaign attacking Windows systems to poach login credentials of major applications like Outlook, Discord, NordVPN, as well as major web browsers like Chrome and many others.

A new variant of the Masslogger malware:

This malware is discovered to be a strain of the already existing Masslogger malware and operates its mal-activities via a multi-layer ‘Fileless’ attack design.

The new variant of the previously observed Masslogger malware utilizes the compile HTML format of files to initiate the infection string.

However, researchers have found that even though the malware attack launches from inside the system memory, the payments of the extorts depend on the ever-persistent existence of phishing emails. Phishing emails are a staple of hackers and if taken proper cybersecurity measures, can be easily evaded.

Malware experts state that the malware is stashed inside a compressed RAR archive with a rather peculiar filename extension that is forwarded to victims in phishing emails as email attachments.

When the email attachment is downloaded and accessed by the victim, it initiates the multi-stage malware injection to corrupt the system RAM i.e the volatile memory.

What is the ‘Fileless’ malware attack?

Fileless malware is a type of malware that uses authentic codes and programs to corrupt a system. The particular malware doesn’t depend on files and leaves zero tracks, making it taxing to find and destroy. Fileless malware is notorious for being able to mal-operate under the radar and is able to evade all but only the most intricate cybersecurity solutions.

This malware is particularly dangerous, as phishing malware generally is since they target both individuals as well as organizational users.

Currently, however, phishing malware is observed to be getting underestimated by organizations and users in general as there is awareness and focus on more predominant ransomware attacks.

Since any type of user credentials are of value on the darknet, it is essential to not underestimate the potential of phishing attacks and the implications of it. Cybersecurity and data security should always be given high priority.

It is worth noting that there also exists a keylogger component in this strain of Masslogger, but has been disabled. It is generally observed that keyloggers and user credential poach go together.

It is always a good practice to stay wary of email phishing attacks. Simple practices of not downloading email attachments and files from unknown ad unexpected sources might just save you from severe cybersecurity mishaps.