
In early August we discussed a case where a backdoor (BKDR_ANDROM.ETIN) was being installed filelessly onto a target system using JS_POWMET.DE, a script that abused various legitimate functions. At the time, we did not know how the threat arrived onto the target machine. We speculated that it was either downloaded by users or dropped by other malware.