Security News > 2022 > October > Hackers use new stealthy PowerShell backdoor to target 60+ victims
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities.
When first detected, the PowerShell backdoor was not seen as malicious by any vendors on the VirusTotal scanning service.
The VBS script then executes two PowerShell scripts, "Script.ps1" and "Temp.ps1," both of which are stored inside the malicious document in obfuscated form.
When SafeBreach first discovered the scripts, none of the antivirus vendors on VirusTotal detected the PowerShell scripts as malicious.
This PowerShell backdoor is a characteristic example of unknown stealthy threats used in attacks on government, corporate, and private user systems.
While some AV engines can heuristically detect malicious behavior in the PowerShell scripts, threat actors constantly evolve their code to bypass these detections.
News URL
Related news
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- DPRK hackers dupe targets into typing PowerShell commands as admin (source)
- Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)