Nearly 100 victims are believed to have been impacted by a newly identified, fully undetectable (FUD) Windows PowerShell backdoor, The Register reports.
The threat actors behind the FUD backdoor have launched a phishing campaign that impersonates a LinkedIn job offer and delivers a malicious Word document carrying a macro, according to SafeBreach Labs researchers.
The report showed that the macro creates a scheduled task posing as a Windows update. That task runs the updater.vbs script, which in turn runs a PowerShell script that opens a remote-control backdoor. The malware creates two PowerShell scripts whose content is obfuscated to evade detection in VirusTotal, according to SafeBreach Director of Security Research Tomer Bar.
SafeBreach noted that systems with macros disabled would be protected from this particular attack.
"But if the threat actor uses a different attack vector (exploits for example instead of macros), the FUD PowerShell malware would work and spy on the victim," said a SafeBreach spokesperson.
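The chain described above (a scheduled task named like a Windows update that launches a .vbs from a user profile, which then runs PowerShell) leaves a recognisable footprint in the task list. The following is an added example, not code from the report or from SafeBreach, that scans `schtasks /query /fo CSV /v`-style output for tasks matching that pattern; the task names and paths in the sample are constructed and hypothetical, not indicators from the campaign.

```python
import csv
import io
import os
import re

# Constructed sample of `schtasks /query /fo CSV /v` output, trimmed to three
# columns. Names and paths are hypothetical; only the shape of the campaign
# (update-named task -> script host -> .vbs in a user directory) is modelled.
SAMPLE_CSV = r"""TaskName,Task To Run,Run As User
\Microsoft\Windows\WindowsUpdate\Scheduled Start,%windir%\system32\sc.exe start wuauserv,SYSTEM
\WindowsUpdate,wscript.exe C:\Users\alice\AppData\Roaming\updater.vbs,alice
\Backup\Nightly,C:\Program Files\Backup\backup.exe,SYSTEM
"""

# Script hosts an attacker commonly chains through from a task action.
SCRIPT_HOSTS = {"wscript", "cscript", "mshta", "powershell", "pwsh"}
SCRIPT_EXT = re.compile(r"\.(vbs|js|ps1|hta)\b", re.IGNORECASE)
# Locations a non-admin user can write to; legitimate update tasks do not
# launch scripts from here.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.IGNORECASE)
UPDATE_LURE = re.compile(r"update", re.IGNORECASE)


def suspicious_tasks(csv_text):
    """Return (task name, command, reasons) for tasks resembling a fake updater.

    A task is only flagged when a script host launches a script file; the
    other two checks add context so an analyst can triage the hit.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, cmd = row["TaskName"], row["Task To Run"]
        exe = os.path.basename(cmd.split()[0].strip('"'))
        host = os.path.splitext(exe)[0].lower()
        reasons = []
        ext = SCRIPT_EXT.search(cmd)
        if host in SCRIPT_HOSTS and ext:
            reasons.append("script host launches a %s file" % ext.group(0).lower())
        if reasons and USER_WRITABLE.search(cmd):
            reasons.append("script lives in a user-writable directory")
        if reasons and UPDATE_LURE.search(name):
            reasons.append("task name mimics Windows Update")
        if reasons:
            hits.append((name, cmd, reasons))
    return hits


if __name__ == "__main__":
    for name, cmd, reasons in suspicious_tasks(SAMPLE_CSV):
        print(name, "->", cmd, "|", "; ".join(reasons))
```

The genuine WindowsUpdate task in the sample is not flagged because the check keys on the task action, not on the name alone.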
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.