PowerPool is a new threat group discovered by ESET’s research team. The group appears to have victims across the world and is directly linked to newly created malware that exploits a recently published 0-day vulnerability.
PowerPool’s malware functions as a backdoor on the attacked system, allowing the attacker to remotely control the victim’s machine, execute malicious programs on it, and steal private information stored on it.
PowerPool’s malware affects all Windows 10 systems that have not received the ALPC 0-day quick patch update, which means most Windows 10 machines today are vulnerable and can be targeted by the malware.
PowerPool’s malware gives attackers multiple capabilities on the attacked machine, such as downloading additional malicious code and running it, controlling various functions of the operating system, taking snapshots of the user’s desktop, and stealing private files and information stored on the attacked system.
enSilo protects against infection by PowerPool’s malware. The malware is comprised of two main stages: the first stage aims to infect the system and download the second stage, and the second stage aims to gain persistent control of the compromised system. Both stages are blocked. Communication from the first-stage malware is prevented, so the attempted attack has no consequences, and the first stage is prevented from executing the second-stage malware, which blocks the attacker from establishing a connection and results in the attack’s failure and termination.