Hackers use new stealthy PowerShell backdoor to target 60+ victims (October 2022)
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities.
When first detected, the PowerShell backdoor was not seen as malicious by any vendors on the VirusTotal scanning service.
The VBS script then executes two PowerShell scripts, "Script.ps1" and "Temp.ps1," both of which are stored inside the malicious document in obfuscated form.
When SafeBreach first discovered the scripts, none of the antivirus vendors on VirusTotal detected the PowerShell scripts as malicious.
This PowerShell backdoor is a characteristic example of unknown stealthy threats used in attacks on government, corporate, and private user systems.
While some AV engines can heuristically detect malicious behavior in the PowerShell scripts, threat actors constantly evolve their code to bypass these detections.