Recently, fileless malware is being discovered in computers across the world. What makes this so hard to detect is that it does not have a file or "artifact" on the computer to be found by antivirus software. Because it does not have to write anything to a computer, it can also run on any operating system, including Unix.
So what are these programs mostly doing? They are executing scripts that encrypt their traffic, and farming clicks.
They are not keylogging, they are not configuring ports, they are farming clicks.
This raises tons of questions: Is it more profitable for a cybercriminal to farm clicks than do industrial espionage? Are the companies deliberately putting this on their computers, pretending to be hacked, then making extra cash on the side to change the narrative?
We left reddit because of the vote manipulation. We see all the bot Twitter posts, but we never asked where they came from. We assumed it was from China, but if a shareholder were to sue Twitter or reddit over paid vote manipulation, then the click farms in China would easily be discovered.
With the discovery of the fileless malware thanks to the leaked NSA tools, we now have a more disturbing picture: many computers are compromised, and are running hard-to-find botnets that solely generate site traffic and manipulate online marketing.
dunrambai ago
"Fileless" malware does leave artifacts. The artifacts are just not filesystem artifacts. The popular commodity malware poster is easy enough to figure out. I'd be interested if you actually have examples/evidence of bots performing Twitter, Facebook, or reddit manipulation.
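The point made above, that "fileless" tooling still leaves artifacts outside the filesystem (process trees, command lines, in-memory scripts), can be illustrated with a small triage routine over process-creation records. This is an added example, not code from this thread or from any product it mentions. The event shape loosely follows Sysmon Event ID 1 fields, and the three sample events, the rule set and the keyword list are all constructed for illustration.

```python
"""Triage process-creation records for non-filesystem signs of in-memory scripting.

Constructed example: the events below are fake; field names loosely follow
Sysmon Event ID 1 (Image, ParentImage, CommandLine) but nothing is real data.
"""
import base64
import re
from dataclasses import dataclass, field

# Script hosts that run code without touching disk; when one of them is
# spawned by an Office application, a reviewer should look at it.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}

# Command-line switches: PowerShell accepts unambiguous prefixes of its parameters.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
HIDDEN_FLAG = re.compile(r"(?:^|\s)-(?:w|win|windowstyle)\s+hidden", re.IGNORECASE)
# Tokens in a decoded command that mean "escalate to a human" (review hints, not verdicts).
DECODED_KEYWORDS = re.compile(r"\b(invoke-expression|iex|frombase64string|downloadstring)\b")


@dataclass
class ProcEvent:
    pid: int
    image: str
    parent_image: str
    command_line: str


@dataclass
class Finding:
    pid: int
    reasons: list = field(default_factory=list)
    decoded: str = ""


def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(events):
    """Return one Finding per event that trips at least one rule."""
    findings = []
    for ev in events:
        f = Finding(pid=ev.pid)
        img, parent = basename(ev.image), basename(ev.parent_image)
        if img in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
            f.reasons.append(f"script host spawned by {parent}")
        decoded = decode_encoded_command(ev.command_line)
        if decoded is not None:
            f.decoded = decoded
            f.reasons.append("encoded command")
            hits = DECODED_KEYWORDS.findall(decoded.lower())
            if hits:
                f.reasons.append("decoded payload contains " + ", ".join(hits))
            if HIDDEN_FLAG.search(ev.command_line):
                f.reasons.append("hidden window with encoded command")
        if f.reasons:
            findings.append(f)
    return findings


def b64_utf16(text):
    """Encode text the way PowerShell expects for -EncodedCommand (used to build samples)."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample events: one benign, one merely encoded, one that trips several rules.
SAMPLE_EVENTS = [
    ProcEvent(101, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe /c dir"),
    ProcEvent(102, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe",
              "powershell.exe -EncodedCommand " + b64_utf16("Get-Date")),
    ProcEvent(103, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              "powershell.exe -nop -w hidden -enc " + b64_utf16("Invoke-Expression $stage")),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding.pid, finding.reasons, repr(finding.decoded))
```

The routine never looks at a file hash; it keys on parent/child relationships and on what the command line decodes to, which is exactly the kind of evidence an agent that "writes nothing to disk" still cannot avoid producing. An encoded command on its own is only a review trigger (administrators use it legitimately), so the rules accumulate reasons rather than emitting a verdict.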
senpaithatignoresyou ago
This is where it got interesting: the first place they went was "letsnecrypt.org", where it appears to have encrypted the traffic, and that is as far as we could tell.
I have no evidence of it going to the social media sites. If I did, I would have made a post in v/infosec. I just have a theory. If there is a better way for them to make money off of generating site traffic, I would be very open to hearing that.
I have had this suspicion that Twitter may be behind the bot farms in China, in an attempt to hype up how much the service is used to dupe investors. Now that the cat is out of the bag, I would bet that they would try to find a subtle way to keep this sham going.
Then again, corporate cybersecurity is a massive inside joke. I have noticed that all the big accounting firms have begun this massive push to hire IT auditors, and the insurance companies have not too. I suspect that by next year, insurance cybersecurity audits are going to become the new pain in the ass for everyone.