Blog | G5 Cyber Security

Fileless malware uses PowerShell scripts for Click Fraud Campaign

Malware has been distributed through a click-fraud malware campaign from the Russian website https://soplifan.ru. The malware was triggered on numerous computers at the same time, and it resides in the Windows registry. To do so, it uses CreateRemoteThread and APIs such as VirtualAlloc and WriteProcessMemory. The malware is difficult to detect because it sits in the system registry, which makes it hard for antivirus software to identify the infection.
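A defender-side check for the pattern described above, as an added example that is not from the original article or the campaign: it scans registry value data (passed in as strings) for the three API names, decoding any PowerShell -EncodedCommand payload first. The key paths, value names and sample data are constructed assumptions.

```python
import base64
import re

# API names listed in the article; matched case-insensitively.
INJECTION_APIS = ("CreateRemoteThread", "VirtualAlloc", "WriteProcessMemory")
POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
# Any "-e..." switch followed by a base64-looking token; the switch name is checked below.
ENCODED = re.compile(r"\s-(e[a-z]*)\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand(data):
    """Return the raw value text plus any decoded -EncodedCommand payloads."""
    texts = [data]
    for flag, blob in ENCODED.findall(data):
        flag = flag.lower()
        # PowerShell accepts -ec and shortened forms such as -e and -enc.
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                texts.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
            except ValueError:
                pass  # not valid base64 or UTF-16LE: keep only the raw text
    return texts

def scan(values):
    """values: iterable of (key_path, value_name, data) strings.
    Returns (key_path, value_name, launches_powershell, apis_found) per hit."""
    findings = []
    for path, name, data in values:
        text = "\n".join(expand(data)).lower()
        apis = [api for api in INJECTION_APIS if api.lower() in text]
        if apis:
            findings.append((path, name, bool(POWERSHELL.search(data)), apis))
    return findings

def _enc(text):
    """Build an -EncodedCommand blob (base64 of UTF-16LE) from harmless text."""
    return base64.b64encode(text.encode("utf-16-le")).decode()

SAMPLE = [  # constructed values; key paths are assumptions, not from the article
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     "powershell.exe -NoProfile -enc "
     + _enc("# constructed text: VirtualAlloc WriteProcessMemory CreateRemoteThread")),
    (r"HKCU\Software\Example", "Blob", "constructed text: virtualalloc, CreateRemoteThread"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Backup",
     r"powershell.exe -ExecutionPolicy Bypass -File C:\Tools\backup.ps1"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The third sample value is an ordinary PowerShell autorun and is not flagged, since launching PowerShell alone is not the signal; the API names are.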

Source: https://gbhackers.com/fileless-malware-wuth-powershell-scripts/
