Researchers with Gigamon have spotted a new campaign by the financially motivated hacking group FIN8 that relies on a new type of reverse shell dubbed BADHATCH.

The BADHATCH malware is designed to execute malicious code on Windows systems by taking advantage of pre-installed administrative tools including PowerShell and WMIC. This technique is known as living-off-the-land. Once the threat actors have established the BADHATCH reverse shell on a targeted system, they use it to launch malware that targets payment-card processing systems in order to steal credit card data.

Read more: FIN8 Reappears with BADHATCH Malware