Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware (Security News, December 2020)
Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor, developed by a hacker-for-hire operation, that can remotely execute malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group, a threat actor that has been observed hitting law firms and companies in the financial sector located in Europe and the Middle East since at least 2012.
The espionage group first came to light earlier this July, with most of their attacks starting with a spear-phishing email containing a malicious modified LNK file that, when clicked, downloads and runs a PowerShell-based implant named Powersing.
PowerPepper now joins the group's list of expanding and evolving toolsets.
Spotted in the wild in mid-July 2020, this new strain of malware gets dropped from a decoy Word document and leverages DNS over HTTPS as a communications channel to transmit encrypted malicious shell commands from an attacker-controlled server.
To safeguard against PowerPepper delivery and execution, it is recommended that businesses and users update their CMS backends as well as associated plugins, restrict PowerShell use on end-user computers with enforced execution policies, and refrain from opening Windows shortcuts attached to emails or clicking links in emails from unknown senders.