Summary: Recent reports indicate that threat actors have been distributing fileless malware through phishing emails. The malware is disguised as an ISO file with an embedded .hta script file, which is executed without creating a file on the victim's system. The malware executes a PowerShell command to request base64-encoded string data from the server, which then loads a function and executes a DLL file. The DLL file downloads the final malware from the C2 server and injects it into the RegAsm.exe process. The final malware can be AgentTesla, Remcos, or LimeRAT.
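A detection sketch for the chain summarized above, added here as an example and not taken from the report: it walks process-creation events and flags PowerShell started by mshta.exe (the default Windows handler for .hta files) and RegAsm.exe running beneath a script host. The event field names, the sample events, and the assumption that RegAsm.exe is started as a descendant of the PowerShell process are all constructed for illustration.

```python
import ntpath

SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe"}

# Constructed process-creation events (fields modelled on Sysmon Event ID 1); not from the report.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"},
    # Benign: interactive PowerShell started from the desktop shell.
    {"pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def ancestors(pid, by_pid):
    """Yield image names of parent, grandparent, ... and stop on unknown PIDs or cycles."""
    seen = set()
    event = by_pid.get(pid)
    while event and event["ppid"] in by_pid and event["ppid"] not in seen:
        seen.add(event["ppid"])
        event = by_pid[event["ppid"]]
        yield basename(event["image"])


def detect(events):
    """Return (pid, rule) pairs for processes matching the chain in the summary."""
    by_pid = {e["pid"]: e for e in events}  # assumes no PID reuse within the window
    alerts = []
    for e in events:
        name = basename(e["image"])
        chain = list(ancestors(e["pid"], by_pid))
        if name in ("powershell.exe", "pwsh.exe") and chain[:1] == ["mshta.exe"]:
            alerts.append((e["pid"], "powershell-child-of-mshta"))
        elif name == "regasm.exe" and SCRIPT_HOSTS & set(chain):
            alerts.append((e["pid"], "regasm-under-script-host"))
    return alerts


if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_EVENTS):
        print(pid, rule)
```

In production telemetry, key the lookup on a process GUID or on PID plus start time, since PIDs are reused.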
Hashtags: #filelessmalware #phishing #cybersecurity #malwaredistribution #Powershell #DLL #CyberAttack
https://cybersecuritynews.com/fileless-malware-via-spam-mail/