PowerPepper, the new malware that bypasses antivirus and attacks Windows


PowerPepper, the malware that bypasses the antivirus

Windows is the most widely used desktop operating system. This leads cybercriminals to focus on it and create malicious software capable of infecting these devices, and sometimes that software even slips past the security barriers that are increasingly available to us.

This is the case with PowerPepper, a new piece of malware created by the DeathStalker group that is capable of bypassing Windows antivirus in order to attack the system. According to the security researchers whose findings we are reporting, the attackers have launched a new malvertising campaign to deliver this malware.

They hide their content on services as popular as YouTube or Twitter in order to reach their victims. The most notable aspect, however, is that the malware manages to evade security measures, allowing it to pass without being detected as a threat.


Security researchers indicate that PowerPepper used DNS over HTTPS (DoH) as its command-and-control (C2) channel. The attackers relied on spear-phishing attacks to reach the victim with a Word document that carries the payload.

PowerShell backdoor

This malware is a PowerShell backdoor that runs in Windows memory and can be controlled remotely. It uses several techniques, including detecting mouse movement, filtering MAC addresses and evading antivirus.

The command-and-control communications for this campaign run over DNS over HTTPS. To issue a DoH request to the C2 server, PowerPepper first tries to use Microsoft Excel as a web client and falls back to the standard PowerShell web client.
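The detail above gives defenders something concrete to look for: a spreadsheet application or a PowerShell host talking directly to a public DoH resolver is unusual on most workstations. The following script is an added example written for this article, not code from the article or from the researchers it cites. It scans constructed network-connection log lines (a simple key=value format made up here, not a real Sysmon or EDR schema) and flags Excel or PowerShell processes issuing DoH requests to well-known public resolvers.

```python
"""Flag unusual DoH clients (Excel, PowerShell) in network-connection logs.

Added example for this article; it is not the article's or the researchers' code.
The log format is constructed: one connection per line as key=value pairs with the
fields ts, image, desthost, destport and path. Real telemetry would need a different
parser, but the detection logic stays the same.
"""
import re
from collections import defaultdict

# Well-known public DoH resolver hostnames and the standard DoH URL paths.
DOH_HOST_PATTERN = re.compile(r"(dns\.google|cloudflare-dns\.com|dns\.quad9\.net)$", re.I)
DOH_PATH_PATTERN = re.compile(r"^/dns-query(\?|$)|^/resolve(\?|$)", re.I)

# The two web clients the article says PowerPepper uses; neither normally needs to
# speak to a public DoH resolver itself.
SUSPECT_PROCESSES = {"excel.exe", "powershell.exe"}

# key=value with optional double-quoted values (quoted values may contain spaces).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict with lower-cased keys and unquoted values."""
    return {k.lower(): v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_doh_request(event):
    """True when the connection is HTTPS to a known DoH resolver or a DoH-style URL path."""
    dest = event.get("desthost", "")
    path = event.get("path", "")
    port = event.get("destport", "")
    return port == "443" and (
        bool(DOH_HOST_PATTERN.search(dest)) or bool(DOH_PATH_PATTERN.match(path))
    )


def find_suspect_doh(lines):
    """Return sorted (process, resolver host, request count) for suspect processes using DoH."""
    counts = defaultdict(int)
    for line in lines:
        ev = parse_event(line)
        # Reduce the full image path to the executable name, case-insensitively.
        image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
        if image in SUSPECT_PROCESSES and is_doh_request(ev):
            counts[(image, ev.get("desthost", ""))] += 1
    return sorted((img, host, n) for (img, host), n in counts.items())


# Constructed sample log: a browser legitimately using DoH (benign), then Excel and
# PowerShell doing the same (suspect), then an unrelated system connection.
SAMPLE_LOG = [
    'ts=2020-12-03T10:01:02Z image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    'desthost=mozilla.cloudflare-dns.com destport=443 path=/dns-query',
    'ts=2020-12-03T10:01:05Z image="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" '
    'desthost=dns.google destport=443 path="/resolve?name=example-c2.invalid&type=TXT"',
    'ts=2020-12-03T10:01:09Z image="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" '
    'desthost=dns.google destport=443 path="/resolve?name=example-c2.invalid&type=TXT"',
    'ts=2020-12-03T10:01:15Z image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'desthost=cloudflare-dns.com destport=443 path=/dns-query',
    'ts=2020-12-03T10:02:00Z image=C:\\Windows\\System32\\svchost.exe '
    'desthost=update.microsoft.com destport=443 path=/',
]

if __name__ == "__main__":
    for image, host, n in find_suspect_doh(SAMPLE_LOG):
        print(f"ALERT: {image} issued {n} DoH request(s) to {host}")
```

The browser line is deliberately left unflagged: DoH itself is legitimate and increasingly common, so the signal is the combination of process identity and destination, not DoH alone. In a real deployment the resolver list would be extended with any DoH endpoints the organisation permits, and matching would be done on proxy or EDR telemetry rather than this toy format.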


To protect ourselves from this threat it is very important to keep our systems and devices properly updated. Security researchers also recommend that website owners frequently update their CMS and all installed plug-ins to keep PowerPepper out.

Common sense also matters. It is very important that we do not make mistakes that could let this type of malicious software in. We have seen that the attackers use Microsoft Word files to smuggle in the payload and infect computers. These threats can arrive through malicious emails with attachments that we download without thinking, and that can be a significant problem. We must therefore always avoid these kinds of mistakes.

In a previous article we discussed why antivirus alone is not enough to protect us online. We must always take into account all the necessary security measures to avoid problems.

Source link
https://www.redeszone.net/noticias/seguridad/powerpepper-malware-evita-antivirus-windows/


It is also worth noting that the original news item was published at en24news; the editorial team at AlKhaleej Today has verified and edited it, and it may have been transferred or quoted in full from that source, which you can read and follow directly.