Kaspersky cybersecurity researchers revealed a previously undiscovered in-memory Windows backdoor for executing remote malware and stealing data from targets in Asia, Europe, and the U.S.
The PowerPepper backdoor, so named because it relies on steganographic deception to deliver malware in the form of an image of ferns or peppers, was developed by the DeathStalker hacker-for-hire group.
PowerPepper is delivered via a decoy Word document and uses Domain Name System over HTTPS (DoH) to transmit encrypted malicious shell commands from an attacker-controlled server.
The spear-phishing emails have diverse themes, while the Word documents sport social engineering banners urging users to enable macros in order to entice victims into downloading the backdoor.
Kaspersky's Pierre Delcher said, "There is nothing particularly sophisticated about the techniques and tricks that are leveraged, yet the whole toolset has proved to be effective, is pretty well put together, and shows determined efforts to compromise various targets around the world."
From The Hacker News
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA