‘Fully undetectable’ Windows backdoor gets detected

SafeBreach Labs says it has detected a novel PowerShell backdoor billed as "fully undetectable" (FUD), a label that calls into question the accuracy of threat naming.

More significantly, the malware may backdoor your Windows system by masquerading as part of the update process.

Tomer Bar, director of security research at SafeBreach, explains in an advisory that the software nasty and associated command-and-control (C2) backend appear to have been developed by a competent unknown miscreant – though one not savvy enough to avoid mistakes that allowed SafeBreach researchers to figure out what was going on, natch.

Source: The Register