Sign In

Communications of the ACM

ACM TechNews

Hackers-For-Hire Group Develops 'PowerPepper' In-Memory Malware


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Logo of the Power Pepper Malware backdoor.

A previously undiscovered in-memory Windows backdoor for executing remote malware and stealing data has been identified by Kaspersky cybersecurity researchers.

Credit: The Hacker News

Kaspersky cybersecurity researchers revealed a previously undiscovered in-memory Windows backdoor for executing remote malware and stealing data from targets in Asia, Europe, and the U.S.

The PowerPepper backdoor, so named because it relies on steganographic deception to deliver malware in the form of an image of ferns or peppers, was developed by the DeathStalker hacker-for-hire group.

PowerPepper is delivered via a decoy Word document, using Domain Name System over HTTPS to transmit encrypted malicious shell commands from an attacker-controlled server.

The spear-phishing emails have diverse themes, while the Word documents sport social engineering banners urging users to enable macros in order to entice victims into downloading the backdoor.

Kaspersky's Pierre Delcher said, "There is nothing particularly sophisticated about the techniques and tricks that are leveraged, yet the whole toolset has proved to be effective, is pretty well put together, and shows determined efforts to compromise various targets around the world."

From The Hacker News
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account