A newly discovered PowerShell backdoor, described by its finders as "fully undetectable", takes the unusual approach of disguising itself as part of the Windows update process.
• Researchers at SafeBreach Labs discovered the backdoor, which targets Windows systems by masquerading as a component of the Windows update process.
• The custom-built tool and its command-and-control (C2) commands appear to be the work of a sophisticated, as yet unidentified threat actor that has already targeted several victims.
• Based on its features, the malware is designed for cyberespionage, mainly exfiltrating data from the compromised system.
• When first detected, the PowerShell backdoor was not flagged as malicious by any vendor on the VirusTotal scanning service.
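Because no VirusTotal vendor flagged the sample, signature matching is not a reliable way to find this kind of backdoor; a behavioural hunt is. The script below is an added example, not code from SafeBreach's report, and it assumes the masquerade takes the form of a scheduled task or a running process that refers to updates yet launches PowerShell. The page gives no task names, file paths or command lines, so the patterns it searches for are generic assumptions, not indicators from the actual campaign.

```powershell
# Added hunting example (not from the SafeBreach report).
# Assumption: the backdoor persists as a scheduled task, or runs as a process,
# whose name or command line mentions "update" while actually launching PowerShell.
# Genuine Windows Update tasks run binaries such as sc.exe or usoclient.exe, not scripts.
function Find-UpdateMasqueradingPowerShell {
    [CmdletBinding()]
    param()

    # 1. Scheduled tasks: name or folder refers to updates, but an action runs PowerShell.
    Get-ScheduledTask | Where-Object {
        ($_.TaskName -match 'update' -or $_.TaskPath -match 'update') -and
        ($_.Actions | Where-Object { $_.Execute -match 'powershell|pwsh' })
    } | ForEach-Object {
        [pscustomobject]@{
            Source  = 'ScheduledTask'
            Name    = "$($_.TaskPath)$($_.TaskName)"
            Context = $_.Author
            Command = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }

    # 2. Live processes: PowerShell started with an update-themed command line, or with
    #    flags a backdoor typically uses to stay quiet (hidden window, bypassed policy,
    #    encoded command). The parent process name helps spot an unexpected launcher.
    Get-CimInstance Win32_Process -Filter "Name='powershell.exe' OR Name='pwsh.exe'" |
        Where-Object {
            $_.CommandLine -match 'update' -or
            $_.CommandLine -match '-w(indowstyle)?\s+hidden|-e(xecutionpolicy)?\s+bypass|-enc'
        } | ForEach-Object {
            $parent = Get-CimInstance Win32_Process -Filter "ProcessId=$($_.ParentProcessId)"
            [pscustomobject]@{
                Source  = 'Process'
                Name    = "$($_.Name) (PID $($_.ProcessId))"
                Context = "parent: $($parent.Name)"
                Command = $_.CommandLine
            }
        }
}

# Run from an elevated PowerShell session so all tasks and processes are visible.
Find-UpdateMasqueradingPowerShell | Format-Table -AutoSize -Wrap
```

Review every hit by hand: the task's author, the script path it executes, and whether the PowerShell parent is something Windows Update would never use. Expect a short list on a clean host, since the legitimate update tasks under \Microsoft\Windows\WindowsUpdate\ do not invoke PowerShell.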