When executed, a PowerShell implant was written to %TEMP/v.ps1 and executed with a command-line switch of "-W 1" to hide the PowerShell window. The network activity generated by the application was to a domain (anydeskstatcom) registered on Apand hosted at a Russian IP address. instead of AnyDesk creators, philandro Software GmbH. They said this wasn't the normal version of the application, as it was signed by Digital IT Consultants Plus Inc. Researchers reviewed the process and found "AnydeskSetup.exe'' running from the user's Downloads directory. To evade detection by Google's advert security, the malware attempted to launch a PowerShell script that had been renamed rexc.exe to bypass detection. The executable wasn't a legitimate version but had been weaponized with additional capabilities. Researchers detail Tetrade family of Brazilian banking trojans.BlackRock banking Trojan targets Android apps.Android users told to be on high alert after Cerberus banking Trojan leaks to the dark web.Hackers use open source Microsoft dev platform to deliver trojans.
0 kommentar(er)
