The notorious Stealth Falcon cyberespionage group has adopted a new backdoor using the Windows Background Intelligent Transfer Service (BITS) in its ongoing spyware attacks against journalists, activists and dissidents in the Middle East. The feature allows attackers to create a re-occurring task to download and install malware, even after the original malware is extracted. The BITS service has a long history of being abused by attackers dating back to 2007, according to researchers at ESET. BITS is used by Windows Update and third-party software for application updates.
Source: https://threatpost.com/stealth-falcon-middle-east-windows-bits/148136/