Attackers abuse Microsoft dev tool to deploy Windows malware

By 01:00 PM

Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools (RATs) and information-stealing malware filelessly as part of an ongoing campaign. MSBuild (msbuild.exe) is a legitimate and open-source Microsoft development platform, similar to the Unix make utility, for building applications. This development tool can build apps on any Windows system if provided with an XML schema project file telling it how to automate the build process (compilation, packaging, testing, and deployment).

As Anomali's Threat Research team observed, the malicious MSBuild project files delivered in this campaign bundled encoded executables and shellcode the threat actors used for injecting the final payloads into the memory of newly spawned processes. ....
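A defender-side check for the kind of project file described above, added here as an example and not taken from the article or from Anomali's research: it parses a project file as XML and reports elements that carry large encoded blobs which decode to a PE executable or to opaque binary data. The base64 encoding, the 128-byte minimum, the 30% non-text threshold and the sample project are assumptions made for the illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Assumption: the payload is base64 text (the article only says "encoded").
B64_RUN = re.compile(
    r"(?:[A-Za-z0-9+/]{4}\s*){16,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
MIN_DECODED = 128  # bytes; shorter blobs are ignored as ordinary tokens


def classify(data):
    """Label decoded bytes; None means they look like ordinary text."""
    if data[:2] == b"MZ":  # DOS/PE header magic
        return "pe-executable"
    odd = sum(b < 9 or 13 < b < 32 or b > 126 for b in data)
    return "opaque-binary" if odd / len(data) > 0.30 else None


def scan_project(project_xml):
    """Return (element, decoded_size, label) for each suspicious blob."""
    findings = []
    for elem in ET.fromstring(project_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
        for text in [elem.text or "", *elem.attrib.values()]:
            for match in B64_RUN.finditer(text):
                packed = re.sub(r"\s+", "", match.group())
                try:
                    data = base64.b64decode(packed, validate=True)
                except ValueError:  # not valid base64 after all
                    continue
                label = classify(data) if len(data) >= MIN_DECODED else None
                if label:
                    findings.append((tag, len(data), label))
    return findings


def sample_project(blob):
    """Constructed sample: a project file carrying `blob` in a property."""
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 76] for i in range(0, len(b64), 76))
    return ('<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">'
            f"<PropertyGroup><Data>\n{wrapped}\n</Data></PropertyGroup>"
            '<Target Name="Build" /></Project>')


if __name__ == "__main__":
    print(scan_project(sample_project(b"MZ" + bytes(200))))
```

A hit is a triage lead rather than a verdict: legitimate projects can embed binary resources, so findings should be reviewed together with where the file came from and what launched msbuild.exe.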