When most people think of malware, they think of binaries that are downloaded to a drive and executed. However, that is only part of the malware world. The other side does not actually download the malicious binary directly to the drive and often injects it directly into memory though the use of scripts. The name fileless is a bit of a misnomer as there are always files to be found in different stages of the attack, it is more to the point that much of the malicious work is doe through injection of code into legitimate processes without the need to write much of it to disk.

Its seems that the efforts of Ukrainian hacktivists have decided to focus their efforts on a new and interesting target. In addition to other strategic targets, they have gone after one of the central portals for Russian alcohol distribution. The attack is currently manifested in the form of a distributed denial of service attack(s) targeting the portal to render it inaccessible. This means that distillers and distributors of alcoholic beverages are not able to get their products into consumers hands.

in the wild. The patch for this bug is one of 37 that are part of the monthly security release which covers multiple components in the popular mobile OS. This comes at a time when mobile banking malware is on the rise and there are also concerns around threat groups targeting phones to compromise them for use in MFA request responses.

The idea of DLL hijacking is a well known one and one that is used by attackers to compromise security tools and even sophisticated anti-malware solutions. DLLs (Dynamic Link Library) are not much more than static files that sit idle on a system until loaded. These libraries contain information that is important to the operation of the program calling it. If an attacker can replace a DLL with one of their own that prevents or alters the operation of the calling program, they have successfully hijacked it. Because of the flexibility and shared nature of DLL they are an easy target.