A previously unknown PowerShell backdoor disguises itself as part of the Windows update process. The backdoor scripts eluded detection by the security vendors’ scanners on VirusTotal and appear to have infected at least 69 victims, researchers say.
The malware appears designed mainly for data exfiltration, say researchers from SafeBreach Labs, which spotted the backdoor.
“We strongly recommend that all security teams use the indicators of compromise we identified,” Tomer Bar, director of security research at SafeBreach, told Information Security Media Group.
The firm’s write-up shows the unique attack starting with a malicious Word document containing macro code. The file metadata shows the document was related to a LinkedIn-based spear-phishing campaign purporting to send victims a job application.