"PowerStager" Tool Employs Unique Obfuscation

A malicious tool that has managed to fly under the radar since April 2017 is showing great focus on obfuscation, in an attempt to evade detection, Palo Alto Networks warns. Dubbed PowerStager, the tool has shown an uptick in usage for in-the-wild attacks around December 2017. Developed as a Python script that generates Windows executables using C source code, it uses multiple layers of obfuscation to launch PowerShell scripts to execute a shellcode payload. PowerStager uses a unique obfuscation technique for PowerShell segments, while also offering increased flexibility, due to multiple configuration options.