Trojan:BAT/PSRunner.VS!MSR

Detailed Analysis of the Trojan:BAT/PSRunner.VS!MSR detection

Trojan:BAT/PSRunner.VS!MSR is a detection of malware that executes malicious commands on a compromised system. It does little harm by itself and instead serves to deliver and run payloads. Aside from that, it performs some basic system reconnaissance and gains persistence for further payloads.

Trojan:BAT/PSRunner.VS!MSR Overview

Trojan:BAT/PSRunner.VS!MSR is a type of malware detection…

Trojan:Script/Downloader!MSR

Detailed Analysis of the Trojan:Script/Downloader!MSR detection

Trojan:Script/Downloader!MSR is a malicious script that downloads other malware onto the target system. It is most commonly spread through illegal software and fake documents, and is capable of deploying pretty much any malicious program. Due to the complexity and the use of obfuscation, the exact malicious script may remain undetected, while the Defender will display…

SFX Archives Can Sneakily Launch PowerShell

CrowdStrike warns that hackers are adding malicious functionality to self-extracting SFX archives containing harmless honeypot files that can launch PowerShell. This simple trick allows attackers to plant backdoors on victims’ machines without raising an “alarm”. Let me remind you that we also wrote that Attackers target .NET Developers with Malicious NuGet Packages, and also that…

Qakbot Malware Applies New Distribution Methods

Qakbot malware adopts new distribution methods following recent changes in macro execution policies

Today there is an arms race between cybercriminals and antimalware manufacturers. While some release a fix for an existing threat, others must develop new loopholes. Recently, cybersecurity experts noticed that many malware families were using OneNote attachments to infect their victims. Since OneNote is considered a robust application that Microsoft has developed for easy note-taking,…

New PowerShell Backdoor Masquerades as a Windows Update

Cybersecurity experts from SafeBreach have found a new, previously undocumented and “undetectable” PowerShell backdoor that hackers actively use and that has been used to attack at least 69 targets. Let me remind you that we also wrote that Germans Interested in the Situation in Ukraine Are Attacked by the PowerShell RAT Malware. The backdoor spreads through…