New Malware Framework TencShell Enables Remote Control and UAC Bypass

Severity: High (Score: 64.5)

Sources: Gbhackers, Cybersecuritynews

Summary

A sophisticated malware framework named TencShell has been identified, capable of screen control, browser artifact access, and User Account Control (UAC) bypass. This framework allows attackers to gain full remote control over compromised systems. The operation is characterized by its stealthy integration into normal enterprise traffic, making detection challenging. Investigators noted suspicious infrastructure activity and command-and-control communication patterns associated with this malware. The discovery raises alarms within the cybersecurity community regarding the repurposing of open-source tools for targeted intrusions. Organizations are urged to enhance their defenses against such sophisticated attacks. The full scope of affected systems and potential victims is still being assessed.

Key Points

  • TencShell malware enables full remote control and UAC bypass on compromised systems.
  • Attackers are leveraging open-source tools for targeted intrusions, increasing detection difficulty.
  • Suspicious command-and-control communication patterns have been observed in enterprise environments.

Key Entities

  • Malware (attack_type)
  • TencShell (malware)
  • T1071 - Application Layer Protocol (mitre_attack)
  • T1548.002 - Bypass User Account Control (mitre_attack)