A new malware family dubbed PrivateLog was found using Common Log File System (CLFS) to stay under the radar and uses another malware—StashLog—as its installer. PRIVATELOG and StashLog have slightly contrasting methods for delivering other malicious payloads. The security agency recommends scanning for IOCs in the events with the keywords ‘process’, ‘imageload’, or ‘filewrite’ in the EDR logs.