
'Fully undetectable' Windows backdoor gets detected
2022-10-18 20:14

SafeBreach Labs says it has detected a novel "fully undetectable" PowerShell backdoor, which calls into question the accuracy of that threat label.

"The attack starts with a malicious Word document, which includes a macro that launches an unknown PowerShell script," said Bar.

"The macro drops updater.vbs, creates a scheduled task pretending to be part of a Windows update, which will execute the updater.vbs script from a fake update folder under '%appdata%\local\Microsoft\Windows'," explained Bar.

The VBS script then runs a PowerShell script that opens a remote-control backdoor on the box.

According to Bar, before the scheduled task fires, the malware writes two PowerShell scripts, Script.

Neither script was detected on VirusTotal.
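The persistence chain described above (a scheduled task dressed up as a Windows Update job that runs a .vbs from a user-writable profile folder) is something a defender can hunt for directly in Task Scheduler. The following is an added example written for this page; it is not code from the article or from SafeBreach, and the host list, path patterns and the "update" lure keyword are assumptions you should widen for your own estate. It needs the built-in ScheduledTasks module (Windows 8 / Server 2012 or later) and an elevated PowerShell session to see every user's tasks.

```powershell
# Added example (not from the article or SafeBreach): hunt the local Task
# Scheduler for a task whose action launches a script host on a script that
# lives under a user-writable profile path, and flag whether the task name
# or description imitates Windows Update, as the dropper described above does.
function Find-SuspiciousScriptTasks {
    [CmdletBinding()]
    param(
        # Script hosts a VBS/PowerShell dropper typically relies on (assumption)
        [string]$HostPattern = 'wscript\.exe|cscript\.exe|powershell\.exe|pwsh\.exe',
        # User-writable locations where a "fake update folder" would be created;
        # covers both env-var style (%appdata%) and expanded (\Users\x\AppData\) forms
        [string]$PathPattern = '(%appdata%|%localappdata%|%temp%|\\Users\\[^\\]+\\AppData\\)',
        # Script extensions worth caring about
        [string]$ScriptPattern = '\.(vbs|vbe|js|jse|wsf|ps1)\b',
        # Words a lure task name/description would use (assumption)
        [string]$LurePattern = 'update'
    )

    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # Only MSFT_TaskExecAction instances carry Execute/Arguments;
            # skip e-mail / message-box actions
            if (-not $action.PSObject.Properties['Execute']) { continue }

            $cmdline = "$($action.Execute) $($action.Arguments)"

            $usesScriptHost = $cmdline -match $HostPattern
            $runsScript     = $cmdline -match $ScriptPattern
            # The script path may sit in the arguments or only in WorkingDirectory
            $fromUserPath   = ($cmdline -match $PathPattern) -or
                              ($action.WorkingDirectory -match $PathPattern)

            if ($usesScriptHost -and $runsScript -and $fromUserPath) {
                [pscustomobject]@{
                    TaskName    = $task.TaskName
                    TaskPath    = $task.TaskPath
                    Author      = $task.Author
                    State       = $task.State
                    # True when the task pretends to be an update job
                    UpdateLure  = ("$($task.TaskName) $($task.Description)" -match $LurePattern)
                    CommandLine = $cmdline.Trim()
                }
            }
        }
    }
}

# Lure-named tasks first; an empty result means no task matched all three tests
Find-SuspiciousScriptTasks | Sort-Object UpdateLure -Descending | Format-Table -AutoSize
```

All three conditions (script host, script extension, user-writable path) must hold, which keeps legitimate vendor tasks under %ProgramFiles% or %SystemRoot% out of the output. A task that matches but whose script file no longer exists on disk is still worth a look: the dropper may have cleaned up after itself while the task remains.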


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/18/fully_undetectable_windows_powershell_backdoor/