The Microsoft security team has issued a warning today about ongoing malware campaigns that are distributing the Astaroth malware using fileless and living-off-the-land techniques that make it harder for traditional antivirus solutions to spot the ongoing attacks. From a report: The attacks were detected by the team behind Windows Defender ATP, the commercial version of the company’s Windows Defender free antivirus. Andrea Lelli, a member of the Windows Defender ATP team said alarms bells sounded at Microsoft’s offices when they detected a huge and sudden spike in usage of the Windows Management Instrumentation Command-line (WMIC) tool. This is a legitimate tool that ships with all modern versions of Windows, but the sudden spike in usage suggested a pattern specific to malware campaigns. When Microsoft looked closer, it discovered a malware campaign that consisted of a massive spam operation that was sending out emails with a link to a website hosting a .LNK shortcut file.
of this story at Slashdot.