
New 'PowerDrop' PowerShell malware targets U.S. aerospace industry
2023-06-06 13:00

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry.

PowerDrop was discovered by Adlumin, which last month found a sample of the malware in the network of a U.S. defense contractor. The firm reports that PowerDrop uses PowerShell and WMI to establish a persistent RAT on the breached networks.

The malware's tradecraft sits between off-the-shelf malware and advanced APT techniques, while the timing and the targets suggest that the threat actor is likely state-sponsored.

PowerDrop is a PowerShell script executed by the Windows Management Instrumentation service and encoded using Base64 to function as a backdoor or RAT. By looking at the system logs, the researchers discovered that the malicious script was executed using previously registered WMI event filters and consumers named 'SystemPowerManager,' created by the malware upon system compromise using the 'wmic.
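The persistence mechanism described above, a permanent WMI event subscription whose consumer launches a Base64-encoded PowerShell script, can be audited from the defender's side by enumerating the `root\subscription` namespace. The script below is an added example, not code from the article or from Adlumin. The name `SystemPowerManager` and the Base64-encoded PowerShell pattern come from the article; the regular expression, the output format, and the assumption that the consumer is a `CommandLineEventConsumer` are my own.

```powershell
# Added example (not from the article or Adlumin): list permanent WMI event
# subscriptions and flag bindings that match the PowerDrop indicators described
# in the article. Read-only; run from an elevated Windows PowerShell session.

$ns = 'root\subscription'

$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

foreach ($b in $bindings) {
    # With Get-CimInstance the Filter/Consumer properties are references whose
    # key property (Name) is populated, so the names can be read directly.
    $filterName   = $b.Filter.Name
    $consumerName = $b.Consumer.Name

    $f = $filters   | Where-Object { $_.Name -eq $filterName }
    $c = $consumers | Where-Object { $_.Name -eq $consumerName }
    if (-not $c) { continue }   # consumer is not a CommandLineEventConsumer; skip

    $cmd = "$($c.ExecutablePath) $($c.CommandLineTemplate)".Trim()

    $reasons = @()
    # Indicator 1 (from the article): filter/consumer named 'SystemPowerManager'.
    if ($filterName -eq 'SystemPowerManager' -or $consumerName -eq 'SystemPowerManager') {
        $reasons += 'name matches the SystemPowerManager indicator'
    }
    # Indicator 2 (from the article): PowerShell started with a Base64-encoded
    # command. The -e/-ec/-enc/-EncodedCommand regex is an assumption of this example.
    if ($cmd -match 'powershell' -and $cmd -match '-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}') {
        $reasons += 'PowerShell launched with a Base64-encoded command'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Filter   = $filterName
            Query    = $f.Query          # the WQL trigger, e.g. a timer or process event
            Consumer = $consumerName
            Command  = $cmd
            Reason   = ($reasons -join '; ')
        }
    }
}
```

Anything the script reports is a lead, not a verdict: management agents also register permanent subscriptions, so compare the flagged filter query and command line against a known-good baseline before acting. For continuous coverage, the same indicators can be watched in the `Microsoft-Windows-WMI-Activity/Operational` log, which records subscription creation.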

News URL

https://www.bleepingcomputer.com/news/security/new-powerdrop-powershell-malware-targets-us-aerospace-industry/