PowDesk is a simple, PowerShell-based malware targeting hosts that run LANDesk Management Agent. This malware shares similarities with APT34 (known as OilRig and HelixKitten) group’s previously reported malware named QUADAGENT. however PowDesk itself appears to be completely new. This malware is compatible with both 32-bit and 64-bit systems and exfiltrates the infected computer’s name through a PHP page stored at the C&C server. After analyzing the malware’s behavior.
Exposure of sensitive information