Kraken Malware By-Passes Safety Protocols!

Recently, Kraken malware has been abusing Microsoft Windows Error Reporting (WER) to compromise target systems. Malwarebytes researchers have observed a group of hackers developing a new fileless attack technique designed to abuse Microsoft's WER service. By hiding behind it, the attackers slip past detection on the target system.
As with so many other attacks, this one relies on phishing techniques, with an email sent to an unsuspecting employee with access to the network the group wants to infiltrate. The researchers found the malicious file packaged in a .ZIP file and bearing the title “Compensation Manual.doc” with the email body claiming that the poisoned document contains detailed information relating to worker compensation rights.
Naturally, the document contains no such information. However, it has a macro designed to load “Kraken.dll” into memory and execute it through VBScript. Once that happens, the binary injects embedded shellcode into WerFault.exe, part of the Windows Error Reporting system mentioned earlier.
The research team said, “That reporting service, WerFault.exe, is usually invoked when an error related to the operating system, Windows features, or applications happens. When victims see WerFault.exe running on their machine, they probably assume that some error happened, while in this case, they have actually been targeted in an attack.”
Unfortunately, not much is known at this time about the malware, which the research team is dubbing “Kraken.” It is designed to terminate if it detects analytic activities. There’s nothing in the code that marks it as the work of one of the well-known, well-established threat groups. This one’s sneaky and difficult to detect.
Make sure your IT staff is aware of the Kraken Malware threat.
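For the IT staff doing that work, here is one way to triage the WerFault.exe launches described above. This is an added example, not code from Malwarebytes or from the original post. It assumes process-creation events with Sysmon Event ID 1 style fields (Image, ParentImage, CommandLine, ProcessId) and treats a missing `-p <pid>` crash argument as the signal; the parent list, the sample events and both heuristics are assumptions to tune against your own baseline.

```python
import re

# Assumption: parents worth a second look when they start WerFault.exe
# outside of a crash (Office apps and Windows script hosts).
SUSPECT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption: a genuine crash report names the faulting process via "-p <pid>".
CRASH_ARG = re.compile(r"(?:^|\s)-p\s+\d+", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def werfault_findings(event):
    """Return reasons a WerFault.exe launch looks unlike error reporting."""
    if basename(event.get("Image", "")) != "werfault.exe":
        return []
    findings = []
    parent = basename(event.get("ParentImage", ""))
    if not CRASH_ARG.search(event.get("CommandLine", "")):
        findings.append("no '-p <pid>' crash argument on the command line")
        if parent in SUSPECT_PARENTS:
            findings.append("started by " + parent + " with no crash context")
    return findings

def triage(events):
    """Return (ProcessId, findings) for every event with at least one finding."""
    scored = ((e["ProcessId"], werfault_findings(e)) for e in events)
    return [(pid, f) for pid, f in scored if f]

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"ProcessId": 5120, "Image": r"C:\Windows\System32\WerFault.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"C:\Windows\System32\WerFault.exe -u -p 4312 -s 1080"},
    {"ProcessId": 6032, "Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": r"C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2204"},
    {"ProcessId": 7044, "Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Windows\SysWOW64\WerFault.exe"'},
    {"ProcessId": 8100, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for pid, findings in triage(SAMPLE_EVENTS):
        print(pid, "; ".join(findings))
```

A hit is a lead for investigation rather than proof of compromise, since the second sample event shows that Word can start WerFault.exe legitimately when it crashes.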