Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
Russian military hackers target Ukraine with new MASEPIE malware
Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.
TETRA Radio Code Encryption Has a Flaw: A Backdoor
A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.
Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.
Chinese hackers abuse VLC Media Player to launch malware loader
Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA
The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.
Our deep analysis of the Worok toolset (previously described by ESET Research) reveals the final stage, hidden in a PNG file, that steals data and provides a multifunctional backdoor using the DropBox repository and API.
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
A new variant of the URSNIF malware, first observed in June 2022, marks an important milestone for the tool. Unlike previous iterations of URSNIF, this new variant, dubbed LDR4, is not a banker, but a generic backdoor (similar to the short-lived SAIGON variant), which may have been purposely built to enable operations like ransomware and data theft extortion. This is a significant shift from the malware’s original purpose to enable banking fraud, but is consistent with the broader threat landscape.
MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…
Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
SeaFlower 藏海花 A backdoor targeting iOS web3 wallets
Confiant monitors 2.5+ billion ads per day via 110+ integrations in the advertising stack. This provides great visibility on malicious activity infiltrating the ad stack and the broader Internet. And that includes all the web3 malicious activity funneling thru it. The variety and the range of our detection enable Confiant to detect unique malicious activity as soon as it surfaces. SeaFlower is an example of this unique cluster of malicious activities targeting web3 wallet users that we will document in this blog post.
