Researchers at Wiz have detected a new fileless malware, dubbed PyLoose, that targets cloud workloads. The malware has been observed in 200 separate cryptojacking attacks. So far, researchers have not attributed the threat to any cybercrime group.

More about the malware

PyLoose is a Python-based malware that carries a compressed and encoded precompiled XMRig miner, according to Wiz researchers.
  • The XMRig miner is loaded directly into memory using a known Linux fileless technique.
  • While the distribution method remains unknown, researchers said a publicly accessible Jupyter Notebook service was abused to gain initial access.
Fileless malware attacks surged 1,400% in 2022, indicating that threat actors are increasingly exploring ways to maintain persistence on compromised systems while evading detection.

Why malware goes fileless

  • Unlike conventional malware, fileless malware does not rely on executable files written to disk to carry out malicious activity. Attackers adopt this technique to stay undetected for longer while deploying the XMRig miner on compromised hosts.
  • The attack runs entirely in the system's memory, so it evades detection systems that track file activity and leaves security teams little on disk to investigate.
  • Moreover, not all security teams have advanced security solutions capable of detecting fileless malware effectively.

Bottom line

To protect against PyLoose, avoid running publicly exposed Jupyter Notebook services. Additionally, organizations should implement robust runtime defenses that can detect fileless threats and ensure that data and applications remain secure.
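As an added illustration of the kind of runtime check the article calls for (example code, not from Wiz or Cyware), the Python script below lists processes whose executable image is memory-backed or has been unlinked from disk, which is exactly what file-based monitoring misses. It assumes the in-memory technique leaves a memfd-backed executable, which the article does not name, and the /proc tree scanned in the demo is constructed rather than real.

```python
"""Flag processes whose executable lives only in memory or was unlinked.

Defender-side check: a fileless loader writes nothing to disk, but the kernel
still records where each process's image came from in /proc/<pid>/exe.
"""
import os
import tempfile


def classify_exe_link(target):
    """Return 'memfd', 'deleted' or None for a /proc/<pid>/exe link target.

    Assumption: a memfd-backed image reads "/memfd:<name> (deleted)" and an
    unlinked on-disk binary reads "<path> (deleted)".
    """
    if target.startswith("/memfd:"):
        return "memfd"
    if target.endswith(" (deleted)"):
        return "deleted"
    return None


def scan_procs(proc_root="/proc"):
    """Return sorted (pid, link_target, verdict) for every suspicious process."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip /proc/self, /proc/sys, ...
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue                     # kernel thread, exited, or no permission
        verdict = classify_exe_link(target)
        if verdict:
            findings.append((int(entry), target, verdict))
    return sorted(findings)


def build_demo_proc():
    """Constructed fake /proc tree (sample input, not real processes)."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    samples = {
        "101": "/usr/bin/python3",        # ordinary on-disk interpreter
        "202": "/memfd:x (deleted)",      # payload executed straight from memory
        "303": "/tmp/miner (deleted)",    # binary unlinked after launch
        "self": "/usr/bin/ls",            # non-pid entry, must be skipped
    }
    for pid, exe in samples.items():
        os.makedirs(os.path.join(root, pid))
        os.symlink(exe, os.path.join(root, pid, "exe"))  # dangling link is fine
    return root


if __name__ == "__main__":
    for pid, target, verdict in scan_procs(build_demo_proc()):
        print(f"pid {pid}: {verdict} -> {target}")
```

Run with the default `proc_root` on a live host (as root, to read every process's link) and correlate hits with the parent process, e.g. a Jupyter kernel spawning an in-memory executable.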
Publisher: Cyware