According to Kaspersky Lab's latest report, an "invisible" malware is spreading among banks, telecommunication companies and government agencies. This sophisticated worm uses legitimate system admin and security tools such as PowerShell, Metasploit and Mimikatz to inject malware into computer memory.
This particular malware was first discovered by the security team of a bank. They found a copy of Meterpreter on the physical memory of Microsoft domain controller. Forensic analysis reported that the Meterpreter code was downloaded and injected by using PowerShell commands. It was discovered that the NETSH utility was used for tunneling traffic from the victim's computer to the attacker's server. To run malicious PowerShell scripts, the attackers grabbed credentials from Service accounts with administrative privileges by using Mimikatz.
By now, over 140 enterprises in 40 countries have been affected by the new malware.