Attackers execute NETWIRE backdoor trojan using a process hollowing technique

From cyware.com

Attackers execute NETWIRE backdoor trojan using a process hollowing technique
  • The Process Hollowing technique involves the use of VBScript, PowerShell, and the .NET framework.
  • The capabilities of the NETWIRE trojan includes keylogging, reverse shell, and password theft.

Researchers have come across a new phishing campaign in which attackers targeted multiple customers by using a fileless code injection attack. Dubbed as ‘Process Hollowing’, the technique involved the use of VBScript, PowerShell, and the .NET framework. The phishing campaign was discovered in February 2019.

Read more…