Lurk: Retracing the Group’s Five-Year Campaign
released on 2017-02-06 @ 04:33:27 PM
The cybercriminal group Lurk was one of the first to effectively employ fileless infection techniques in large-scale attacks, techniques that arguably became staples for other malefactors. A typical Lurk infection uses browser exploits to deliver non-persistent payloads to potential victims, probing the targets before deploying additional malware. The infection chain had multiple stages and was carried out with bodiless/fileless exploit payloads executed in memory, without any additional persistence mechanism. If the target machine was not of interest to the Lurk operators, no traces were left on the affected system apart from the files produced by the exploit process itself. This eponymous lurking behavior would earn the group notoriety until its operations were stymied and the perpetrators arrested. Lurk was believed to have siphoned over $45 million from financial organizations, ultimately disrupting the victims’ operations, reputation, and bottom line.