Malware, Phishing, Vulnerability Management

Microsoft ALPC zero-day already wrapped into PowerPool malware


A Microsoft Windows task manager surprisingly released last week, is already being exploited in a PowerPool threat group malware campaign.

The so-called zero day exploit was announced in what researchers described as a “rather acerbic tweet” which was obviously not part of a coordinated vulnerability disclosure as there was no fix in place to patch the vulnerability, according to a Sept. 5 blog post.

The since deleted tweet linked to a GitHub repository containing Proof-of-Concept code for the exploit in both a compiled version and source code version.

The disclosure of the vulnerability outside of the coordinated process put many users at risk since even the most up-to-date version of Windows could be compromised as a result.

The exploit since has been incorporated into malware of the newly discovered threat group’s malware and sent as malicious email attachments, Windows backdoors and lateral movement tools as part of campaigns targeting countries include Chile, Germany, India, the Philippines, Poland, Russia, the U.K., the U.S. and Ukraine.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.