New Malware Hides Inside Rogue Virtual Machines

DataCenter Knowledge

“I don’t see this becoming a significant new threat vector,” agreed cybersecurity expert Andrew Hollister, director of LogRhythm Labs. “It is simply too noisy and provides many opportunities for detection. It seems an overly complicated way to implement an attack when you already have highly privileged access. The attackers could have simply halted endpoint protection and downloaded a 49KB binary which would be much more stealthy and difficult to detect than downloading a whole virtual machine, which also required drivers and registry entries in order to function.”