Threat actors are abusing Microsoft Build Engine (MSBuild) to filelessly deliver remote access trojans and password-stealing malware on Windows systems. The malicious build files came embedded with encoded executables and shellcode that deploy backdoors, allowing the adversaries to take control of the victims’ machines and steal sensitive information. The idea is to stay under the radar and thwart detection, as such malware makes use of a legitimate application to load the attack code into memory, thereby leaving no traces of infection on the system.
Source: https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html