National Security

‘Great Duke of Hell’: The New Invisible Man Malware

The Great Duke of Hell. That’s the name of a particularly nasty piece of malware security researchers from Microsoft have identified circulating the World Wide Web.

On 8 June, analysts from the Microsoft Defender Advanced Threat Protection Research Team issued a warning to confirm that a notorious credential-stealing malware threat is targeting Windows users.

Dubbed Astaroth, or “the Great Duke of Hell” upon its discovery in 2017, the malware is essentially a Trojan program that gathers user credentials. What makes this one so dangerous is that it uses an “invisible man” methodology by only running files within the attack chain that are legitimate system tools. What this means basically is that the computer itself is directed to program malicious commands on itself. This allows the Duke of Hell to hide in plain sight, slipping through most malware detection systems.

According to Microsoft’s telemetry, the most recent campaign commenced on 19 May and carried on into mid-June, with at least four significant spikes in activity. The two biggest surges by far took place between 26 May and 1 June, and between June 2 and June 6.

The typical attack procedure would begin with a spear-phishing email containing a link that if clicked installs the Trojan.

While concerning in and of itself, Duke of Hell marks a milestone in the development of cyber threats. The development of so-called fileless malware, in which the virus doesn’t get the systems through a specific document, but rather is installed within the RAM of the computer itself, has been a growing concern over the past year. Among the growing awareness of cyber threats being a primary danger to national security, fileless attacks are uniquely problematic. They circumvent traditional methods of detection, and often require advanced diagnostics to uncover.

The opinions expressed here by contributors are their own and are not the view of OpsLens which seeks to provide a platform for experience-driven commentary on today's trending headlines in the U.S. and around the world. Have a different opinion or something more to add on this topic? Contact us for guidelines on submitting your own experience-driven commentary.
Samuel Siskind

Samuel Siskind studied intelligence research at the American Military University in West Virginia. He served as a squad commander in the Israeli Defense Force (IDF) Corp of Combat Engineers, in the Corps' ground battalions and later in its Intelligence Wing at regional and divisional stations. For the past five years, Samuel has worked as a consultant and researcher on physical and information security issues for private and governmental institutions, in the US, Africa, India, and Israel. He currently lives in Jerusalem.

Join the conversation!

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse.

Watch The Drew Berquist Show

Everywhere, at home or on the go.