The Windows Registry, an ideal place to hide malware
Once again, cybercriminals have found a way to infect a system while hiding the malware as much as possible. In this case it is fileless malware, that is, malware that leaves no file on disk, a variety that is undoubtedly harder for antivirus to detect.
To initiate the attack, the hackers rely on something as common as sending emails with an attached ZIP file. This is how they distribute the malware and infect their victims. The ZIP contains a self-installing file, a RAT and a keylogger.
As soon as the victim opens the attachment, the payload installs itself automatically. It can run EXE files, load DLLs or execute commands to take control of the computer, steal information and passwords, or cause it to malfunction.
One of the most notable points of this threat is how light it is. It takes up only 32kb and, when compiled, uses only 8.5kb of space. In addition, the keylogger uses the Windows Registry: each time the victim logs on to Windows, a scheduled task starts DarkWatchman, with no keylogger file on disk for antivirus to find.
We are therefore dealing with stealthy malware that uses the Windows Registry to hide itself and that attackers can put to different uses. One of the clearest is to act as a keylogger and steal passwords at login.
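As an added defender-side illustration, not part of the original article, the PowerShell triage script below looks for the two traces this kind of persistence leaves on a host: a scheduled task that fires at logon and launches a script interpreter, and unusually large string or binary values stored in the Registry. The script-host names, registry roots and 4096-byte threshold are assumptions to be tuned per environment.

```powershell
# Added defender-side triage script, not from the article. Script-host list,
# registry roots and size threshold are assumptions; tune them for your estate.
param(
    [string[]]$ScriptHosts   = @('wscript.exe','cscript.exe','powershell.exe','mshta.exe'),
    [string[]]$RegistryRoots = @('HKCU:\Software','HKLM:\SOFTWARE'),
    [int]$LargeValueBytes    = 4096
)

function Get-LogonScriptHostTask {
    # Tasks that fire at user logon and whose action is a script interpreter:
    # a registry-resident payload needs a launcher like this to get started.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $atLogon = $task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }
        if (-not $atLogon) { return }
        foreach ($action in $task.Actions) {
            $target = ("$($action.Execute)").Trim('"')
            if (-not $target) { continue }          # COM-handler actions have no Execute
            $exe = (Split-Path -Path $target -Leaf).ToLower()
            if ($ScriptHosts -contains $exe) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath + $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-LargeRegistryValue {
    # Code hidden in the registry shows up as oversized string or binary values;
    # list every value under the chosen roots (one level deep) above the threshold.
    foreach ($root in $RegistryRoots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                if ($key.GetValueKind($name) -notin 'String','ExpandString','MultiString','Binary') { continue }
                $data = $key.GetValue($name)
                $size = if ($data -is [byte[]]) { $data.Length } else { ([string]$data).Length }
                if ($size -ge $LargeValueBytes) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Size = $size }
                }
            }
        }
    }
}

Get-LogonScriptHostTask | Format-Table -AutoSize
Get-LargeRegistryValue | Sort-Object Size -Descending | Format-Table -AutoSize
```

Both listings will contain legitimate entries (installer metadata, vendor agents), so treat the output as a shortlist for manual review rather than as verdicts.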
Tips to avoid these attacks
What can we do to avoid falling victim to DarkWatchman or any similar malware? We have seen that the infection vector is email, so we must be especially careful with our e-mail. It is essential to use common sense, not make mistakes and avoid downloading any file that looks suspicious, since a virus of this type could be hiding there. It is also worth knowing which malicious file types most commonly arrive by e-mail.
It is equally essential to have security software. A good antivirus helps prevent many kinds of malware, since it acts as a barrier and lets us detect malicious software, dangerous programs, links that may be a threat, and so on.
Finally, it is just as important to keep the system updated with the latest available patches. Vulnerabilities sometimes appear that hackers exploit to launch security threats of this kind, and we can avoid that by running the latest versions of the system.