“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
https://threatpost.com/turla-apt-backdoor-afghanistan/174858/
Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it really is scary morphic malware that changes its parts and recompiles itself.
https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/