<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Fileless-Malware on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/fileless-malware/</link><description>Recent content in Fileless-Malware on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Tue, 14 Apr 2026 12:06:26 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/fileless-malware/index.xml" rel="self" type="application/rss+xml"/><item><title>MSBuild LOLBin: How Hackers Run Malware on Windows Without Leaving a Trace</title><link>https://hackingpassion.com/msbuild-lolbin-fileless-attack/</link><pubDate>Tue, 14 Apr 2026 12:06:26 +0200</pubDate><guid>https://hackingpassion.com/msbuild-lolbin-fileless-attack/</guid><description>&lt;p>&lt;strong>MSBuild.exe&lt;/strong> is a &lt;strong>LOLBin&lt;/strong>, a legitimate Windows tool being abused to run malware on fully patched machines without dropping a single file on disk, and Windows Defender does not raise an alert because MSBuild.exe carries Microsoft&amp;rsquo;s own digital signature and many security tools treat it as trusted by default. There is no patch coming because nothing here is broken. MSBuild.exe is doing exactly what Microsoft designed it to do. 😏&lt;/p>
&lt;p>&lt;code>MSBuild.exe&lt;/code>, the Microsoft Build Engine, has been part of the .NET Framework and Visual Studio for years. Software developers use it to compile and build applications from XML-based project files. Because Microsoft built it and signed it, Windows trusts it completely. AppLocker trusts it. Windows Defender Application Control trusts it. Most endpoint security solutions wave it through without a second look, because as far as they are concerned, it is a legitimate Microsoft tool doing its job.&lt;/p></description></item><item><title>DesckVB RAT Uses Windows' Own Tools to Stay Hidden and Leaves Almost Nothing Behind</title><link>https://hackingpassion.com/desckvb-rat-fileless-malware-2026/</link><pubDate>Sat, 11 Apr 2026 12:52:30 +0200</pubDate><guid>https://hackingpassion.com/desckvb-rat-fileless-malware-2026/</guid><description>&lt;p>A Remote Access Trojan called DesckVB has been actively hitting systems throughout 2026, running almost entirely inside memory with barely anything written to disk, hiding its final payload inside a process it names &lt;strong>Microsoft.exe&lt;/strong>, and attempting to switch off the camera LED before streaming video back to the attacker. A cracked version of the builder is already circulating freely, meaning attackers with minimal skills can deploy this today without writing a single line of code. Forensics teams sweep these machines afterward and find very little. The system looks completely clean. 😏&lt;/p></description></item></channel></rss>