Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undocumented in-memory Windows backdoor, developed by a hacker-for-hire operation, that can remotely execute malicious code and steal sensitive information from targets in Asia, Europe, and the US.


Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed to the DeathStalker group (formerly tracked as Deceptikons), a threat actor that has targeted law firms and financial-sector companies in Europe and the Middle East since at least 2012.


The name comes from the tool's use of steganography: the backdoor payload is delivered hidden inside images of ferns or peppers.


Kaspersky first documented the espionage group this July. Most of its attacks begin with a spear-phishing email carrying a malicious LNK (shortcut) file that, when opened, downloads and runs a PowerShell-based implant named Powersing.

While the group's objectives do not appear to be financially motivated, its persistent interest in collecting sensitive business information led Kaspersky to conclude that "DeathStalker is a group of mercenaries offering hacking-for-hire services, or acting as some sort of information broker in financial circles."


PowerPepper is the latest addition to the group's expanding and evolving toolset.


Spotted in the wild in mid-July 2020, this new strain is dropped from a decoy Word document and uses DNS over HTTPS (DoH) as its communications channel to transmit encrypted ..
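The combination described above, a script host that is launched from a shortcut and then talks to its operator over DoH, is what a defender would look for: ordinary HTTPS to a public resolver is benign from a browser but odd from powershell.exe. The following detection sketch is an added example, not code from the article or from Kaspersky's report. It assumes Sysmon-style network-connection events flattened to `image|dest_ip|dest_port|parent_image`, a small watchlist of well-known public DoH resolver addresses (Cloudflare, Google, Quad9), and constructed sample log lines; none of these come from the page.

```python
"""Flag DNS-over-HTTPS connections from PowerShell in endpoint network logs.

Added example (not from the article or the vendor report). Assumptions:
- log lines are Sysmon-like network events: image|dest_ip|dest_port|parent_image
- the DoH watchlist below is illustrative; extend it for your environment
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

# Public resolvers that expose a DoH endpoint on TCP/443 (assumed watchlist).
DOH_RESOLVER_IPS = {
    "1.1.1.1", "1.0.0.1",          # Cloudflare
    "8.8.8.8", "8.8.4.4",          # Google
    "9.9.9.9", "149.112.112.112",  # Quad9
}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# A shortcut double-click makes explorer.exe the parent of the script host.
SHELL_PARENTS = {"explorer.exe"}


@dataclass
class NetEvent:
    image: str
    dest_ip: str
    dest_port: int
    parent_image: str


def basename(path: str) -> str:
    """Return the file name of a Windows path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> NetEvent:
    """Parse one pipe-delimited event; malformed IPs raise ValueError."""
    image, dest_ip, port, parent = [f.strip() for f in line.split("|")]
    ip_address(dest_ip)
    return NetEvent(basename(image), dest_ip, int(port), basename(parent))


def classify(ev: NetEvent) -> Optional[str]:
    """Return None, 'medium' or 'high' for a single network event.

    medium: a script host speaks HTTPS to a known public DoH resolver.
    high:   the same, and the script host was spawned by the desktop shell,
            consistent with a user opening a malicious shortcut.
    """
    if ev.image not in SCRIPT_HOSTS:
        return None
    if ev.dest_port != 443 or ev.dest_ip not in DOH_RESOLVER_IPS:
        return None
    return "high" if ev.parent_image in SHELL_PARENTS else "medium"


def find_suspect_events(lines) -> List[Tuple[NetEvent, str]]:
    """Run classify() over raw log lines, skipping blanks and comments."""
    hits = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ev = parse_event(line)
        severity = classify(ev)
        if severity is not None:
            hits.append((ev, severity))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_LOG = """
# image|dest_ip|dest_port|parent_image
C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|1.1.1.1|443|C:\\Windows\\explorer.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe|1.1.1.1|443|C:\\Windows\\explorer.exe
C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|8.8.8.8|53|C:\\Windows\\explorer.exe
C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|203.0.113.10|443|C:\\Windows\\explorer.exe
""".strip().splitlines()


if __name__ == "__main__":
    for ev, severity in find_suspect_events(SAMPLE_LOG):
        print(f"[{severity}] {ev.image} -> {ev.dest_ip}:{ev.dest_port} "
              f"(parent {ev.parent_image})")
```

Only the first sample line fires: Firefox using Cloudflare DoH is expected behaviour, plain DNS on port 53 is not DoH, and an HTTPS connection to an address outside the watchlist is out of scope for this rule. Because a DoH channel is indistinguishable from ordinary TLS on the wire, process context (which image, which parent) is what makes the rule useful; in a real deployment the watchlist should be fed from resolver lists you maintain rather than the three providers hard-coded here.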
