I write frequently about the threat of malware and how threat actors are using it to do everything from steal personal information to fully take over users’ devices or add them to botnets. These malicious programs spread through various forms of phishing, ClickFix attacks, malvertising, and even apps that have been vetted and approved by Apple and Google.
However, as users (and security tools) have gotten better at identifying the signs of a malware infection and savvy enough to avoid them in the first place, some cybercriminals have changed tactics: Living Off the Land (LOTL) attacks exploit built-in system utilities and tools that may be less likely to raise red flags.
How Living Off the Land attacks work
As Huntress describes, LOTL refers to using local resources instead of importing new ones from outside. Rather than sneaking custom-built malware onto a user’s machine, attackers exploit tools like PowerShell, Windows Management Instrumentation (WMI),
...Keep reading this article on Life Hacker.
