Rewterz Threat Alert – Android Trojan Targeting Mobile apps in Massive Text Campaigns
January 14, 2020
Severity
High
Analysis Summary
PowDesk is a simple, PowerShell-based malware targeting hosts that run the LANDesk Management Agent. It shares similarities with QUADAGENT, previously reported malware of the APT34 group (also known as OilRig and HelixKitten); however, PowDesk itself appears to be completely new. The malware is compatible with both 32-bit and 64-bit systems and exfiltrates the infected computer's name through a PHP page hosted on the C&C server. After analyzing the malware's behavior.
Impact
Exposure of sensitive information
Indicators of Compromise
SHA-256
- 8406ca490c60ec41569b35f31f1860ff4663bba44d1daac64760ecdfe694203d
URL
- http://lcepos.com/php/reclaimlandesk.php
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
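As an added example that is not part of the Rewterz alert, the following Python script applies the two indicators above: it checks file contents against the published SHA-256 and scans web-proxy log entries for the C&C URL or its host. The log format, the `scan_proxy_log` function and the sample lines are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators published in the alert (copied from the page).
IOC_SHA256 = {"8406ca490c60ec41569b35f31f1860ff4663bba44d1daac64760ecdfe694203d"}
IOC_URLS = {"http://lcepos.com/php/reclaimlandesk.php"}
# Blocking/alerting on the host catches requests to other paths on the same C&C.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}


def file_matches_ioc(data: bytes) -> bool:
    """True if the file contents hash to the SHA-256 published in the alert."""
    return hashlib.sha256(data).hexdigest() in IOC_SHA256


# Constructed proxy log format (an assumption, not from the page):
# <timestamp> <client_ip> <method> <url> <status> "<user_agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "(.*)"$')


def scan_proxy_log(lines):
    """Return the entries whose requested URL or host matches an alert indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, client, method, url, status, ua = m.groups()
        if url in IOC_URLS or urlparse(url).hostname in IOC_HOSTS:
            hits.append({"time": ts, "client": client, "method": method,
                         "url": url, "status": status, "user_agent": ua})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2020-01-14T09:12:01Z 10.0.0.15 GET http://example.org/index.html 200 "Mozilla/5.0"',
    '2020-01-14T09:12:44Z 10.0.0.23 POST http://lcepos.com/php/reclaimlandesk.php 200 "Mozilla/5.0"',
    '2020-01-14T09:13:02Z 10.0.0.23 GET http://lcepos.com/ 404 "Mozilla/5.0"',
    'malformed line that the parser should ignore',
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['method']} {hit['url']} -> {hit['status']}")
```

The client address of a hit is the host to collect the PowerShell history and LANDesk agent artifacts from.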