Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware
2020-12-04 00:06

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor, developed by a hacker-for-hire operation, that can remotely execute malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group, a threat actor observed hitting law firms and companies in the financial sector in Europe and the Middle East since at least 2012.

The espionage group first came to light earlier this July; most of its attacks start with a spear-phishing email carrying a maliciously modified LNK file that, when clicked, downloads and runs a PowerShell-based implant named Powersing.

PowerPepper now joins the group's list of expanding and evolving toolsets.

Spotted in the wild in mid-July 2020, this new strain of malware gets dropped from a decoy Word document and leverages DNS over HTTPS as a communications channel to transmit encrypted malicious shell commands from an attacker-controlled server.

To safeguard against PowerPepper delivery and execution, it is recommended that businesses and users update their CMS backends and associated plugins, restrict PowerShell use on end-user computers with enforced execution policies, and refrain from opening Windows shortcuts attached to emails or clicking links in emails from unknown senders.
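As an added illustration of the detection side of this report (example code written for this page, not from Kaspersky or The Hacker News): a small Python heuristic over constructed Sysmon-style network-connection events that flags PowerShell hosts connecting to public DNS-over-HTTPS resolvers, the traffic pattern the C2 channel described above implies. The resolver list, process names and event layout are assumptions for the example.

```python
import re
from typing import Dict, List

# Well-known public DNS-over-HTTPS resolver hostnames (assumed list). An in-memory
# PowerShell implant tunnelling C2 over DoH has to reach a resolver like these
# (or an attacker-run look-alike) over TCP/443.
DOH_RESOLVERS = {"cloudflare-dns.com", "dns.google", "dns.quad9.net", "doh.opendns.com"}

# Process images for which DoH traffic is unexpected on an end-user machine.
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# Constructed sample events in a Sysmon-like "Key=value" layout (not real telemetry).
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "DestinationHostname=cloudflare-dns.com DestinationPort=443",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationHostname=dns.google DestinationPort=443",
    "EventID=3 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "DestinationHostname=updates.example.com DestinationPort=443",
    "EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -nop -w hidden",
]

# Key=value pairs; a value runs until the next " Key=" or end of line (spaces allowed).
_FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

def parse_event(line: str) -> Dict[str, str]:
    """Split a 'Key=value Key=value' event line into a dict."""
    return {k: v for k, v in _FIELD.findall(line)}

def find_doh_from_powershell(lines: List[str]) -> List[Dict[str, str]]:
    """Return network-connection events where a PowerShell host talks to a DoH resolver."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "3":  # only Sysmon network-connection events
            continue
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        host = ev.get("DestinationHostname", "").lower()
        if image in POWERSHELL_IMAGES and host in DOH_RESOLVERS and ev.get("DestinationPort") == "443":
            hits.append({"image": image, "resolver": host})
    return hits

if __name__ == "__main__":
    for hit in find_doh_from_powershell(SAMPLE_EVENTS):
        print(f"ALERT: {hit['image']} -> DoH resolver {hit['resolver']}")
```

Browsers legitimately use DoH, so the heuristic keys on the originating process rather than the destination alone; tune the image and resolver sets to the environment's baseline.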


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/2sKwGpqr3Ho/hackers-for-hire-group-develops-new.html