Newly emergent PowMix botnet has been leveraging randomized command-and-control beaconing intervals to stealthily compromise the Czech Republic's workforce in an attack campaign that has been underway since December, The Hacker News reports.Attackers may have used a phishing email to deliver an illicit ZIP file containing an LNK file that deploys a PowerShell loader that extracts, decrypts, and executes the PowMix botnet in memory, according to a Cisco Talos report. Apart from enabling remote access, reconnaissance, and persistence, PowMix also facilitates the remote execution of commands for self-deletion and C2 migration, while tapping compliance-themed lures to distract targets.With its usage of ZIP-based payload distribution, scheduled task persistence, and Heroku exploitation for C2, the PowMix campaign was noted by Cisco Talos researchers to be akin to the earlier ZipLine campaign reported by Check Point analysts. Such findings come as the RondoDox botnet was disclosed by Bitsight researchers to have evolved to integrate XMRig cryptocurrency mining capabilities.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




