sLoad Malware Revamped as Powerful ‘StarsLord’ Loader - silversurfer - 22 January 20
Quote: The sLoad malware downloader, a PowerShell-based trojan first spotted in May 2018, has a new, polished version that comes with “more powerful features, posing even higher risk,” Microsoft researchers are warning.
After discovering it being used in several campaigns over the holidays, researchers have dubbed the new sLoad version “Starslord,” based on strings in the malware code. Starslord is a downloader that installs itself to the system, connects to a remote server, and downloads additional malware onto the infected system. In this, it follows an attack chain similar to the original version. However, version 2.0 includes a new anti-analysis trick and the ability to track the stage of infection on every affected machine.
“sLoad’s multi-stage attack chain…and its polymorphic nature in general make it a piece of malware that can be quite tricky to detect,” Sujit Magar, with Microsoft’s Defender ATP research team, said in a Tuesday analysis. “Now, it has evolved into a new and polished version, Starslord, which retains sLoad’s most basic capabilities but does away with spyware capabilities in favor of new and more powerful features, posing even higher risk.”
The latest sLoad version comes on the heels of a previous Microsoft December research paper describing the downloader’s attack techniques, suggesting that the developers behind the malware are trying to shake off any analysis, Microsoft warned. Threatpost has reached out to Microsoft for more details regarding the victims and a timeline of the Starslord version.
Read more: https://threatpost.com/sload-malware-revamped-starslord-l-features/152084/