Sequretek Advisory - Windows PowerShell Backdoor
11/01/2022

A newly discovered, fully undetectable PowerShell backdoor created by threat actors uses a unique approach: it disguises itself as part of a Windows update process.

• Researchers at SafeBreach Labs discovered a new fully undetectable PowerShell backdoor that leverages a novel approach of disguising itself as part of the Windows update process.

• Significantly, the malware targets Windows systems by masquerading as a part of the update process.

• The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threat actor who has targeted several victims.

• Based on its features, the malware is designed for cyberespionage, mainly engaging in data exfiltration from the compromised system.

• When first detected, the PowerShell backdoor was not seen as malicious by any vendors on the VirusTotal scanning service.
