Tag: backdoor
-
Keenadu: Android malware that comes preinstalled and can’t be removed by users
Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface.The researchers warned that the…
-
Gefährliche Backdoor: Android-Malware in Firmware und auf Google Play entdeckt
Die Keenadu-Malware verschafft Angreifern die volle Kontrolle über Android-Geräte. Eine Entfernung gestaltet sich je nach Infektionsweg schwierig. First seen on golem.de Jump to article: www.golem.de/news/gefaehrliche-backdoor-android-malware-in-firmware-und-auf-google-play-entdeckt-2602-205544.html
-
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected…
-
Malware Campaign Targets Crypto Users with Fake MetaMask Wallet and Remote Access Backdoor
An aggressive malware campaign targeting IT professionals in cryptocurrency, Web3, and AI to steal sensitive data and live crypto funds from victim wallets. The attackers pose as recruiters and use trojanized coding tasks to deliver two core malware families, BeaverTail and InvisibleFerret, which have been steadily upgraded with new data theft and wallet-targeting features. The…
-
Hackers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
Hsckers exploit zero-day flaw in Dell RecoverPoint for Virtual Machines
Threat actors linked to China have deployed a novel backdoor, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/zero-day-dell-recoverpoint-virtual-machines-exploited/812392/
-
NDSS 2025 LADDER: Multi-Objective Backdoor Attack Via Evolutionary Algorithm
Session 12D: ML Backdoors Authors, Creators & Presenters: Dazhuang Liu (Delft University of Technology), Yanqi Qiao (Delft University of Technology), Rui Wang (Delft University of Technology), Kaitai Liang (Delft University of Technology), Georgios Smaragdakis (Delft University of Technology) PAPER LADDER: Multi-Objective Backdoor Attack via Evolutionary Algorithm Current black-box backdoor attacks in convolutional neural networks formulate…
-
Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky.The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build…
-
New Keenadu backdoor found in Android firmware, Google Play apps
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-keenadu-backdoor-found-in-android-firmware-google-play-apps/
-
New Keenadu backdoor found in Android firmware, Google Play apps
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-keenadu-backdoor-found-in-android-firmware-google-play-apps/
-
Firmware-level Android backdoor found on tablets from multiple manufacturers
A new Android backdoor embedded directly in device firmware can quietly take control of apps and harvest data, Kaspersky researchers found. The malware, named Keenadu, was … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/17/firmware-level-android-backdoor-keenadu-tablets/
-
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons
Tags: access, ai, application-security, attack, automation, backdoor, banking, ceo, cisco, ciso, compliance, control, credentials, crypto, cyber, cybercrime, cybersecurity, data-breach, defense, detection, endpoint, exploit, finance, fintech, firewall, framework, infrastructure, intelligence, international, malware, monitoring, network, north-korea, oracle, password, risk, service, software, theft, threat, tool, vulnerabilitySecurity shortcomings: Adrian Cheek, senior cybercrime researcher at threat exposure management firm Flare, said the Bangladesh Bank heist was possible because of a number of security shortcomings, including a failure to air gap critical infrastructure.”The Bank of Bangladesh had four servers and the same number of desktops connected to SWIFT,” Cheek says. “This infrastructure, however,…
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
NDSS 2025 PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware Authors, Creators & Presenters: Dung Thuy Nguyen (Vanderbilt University), Ngoc N. Tran (Vanderbilt University), Taylor T. Johnson (Vanderbilt University), Kevin Leach (Vanderbilt University) PAPER PBP: Post-Training Backdoor Purification for Malware Classifiers In recent years, the rise of machine learning (ML) in cybersecurity has brought new challenges, including the increasing threat of backdoor…
-
Feiniu NAS Devices Hit in Massive Netdragon Botnet Attack Exploiting Unpatched Vulnerabilities
Tags: attack, backdoor, botnet, cyber, ddos, exploit, infrastructure, malware, network, vulnerabilityFeiniu fnOS network-attached storage (NAS) devices have been pulled into a large Netdragon botnet after attackers exploited still-unpatched vulnerabilities, turning home and small”‘business storage into infrastructure for DDoS attacks.”‹ The malware opens an HTTP backdoor on port 57132, letting attackers run arbitrary system commands remotely via crafted GET requests to the /api path. Using traffic fingerprints from…
-
Zugangsdaten geleakt: Backdoor zur IT von 200 Flughäfen entdeckt
Forscher haben im Darknet Zugangsdaten eines IT-Dienstleisters gefunden. Damit hätten wichtige Flughafensysteme lahmgelegt werden können. First seen on golem.de Jump to article: www.golem.de/news/zugangsdaten-geleakt-backdoor-zur-it-von-200-flughaefen-entdeckt-2602-205333.html
-
Notepad++ lieferte monatelang Backdoors statt Updates – Notepad++-Super-GAU: Wie das Admin-Tool zur APT-Waffe wurde
First seen on security-insider.de Jump to article: www.security-insider.de/notepad-plus-plus-super-gau-apt-backdoor-a-5db1240aced2e8b2a1b4739eea71cf01/
-
Fancy Bear Exploits Microsoft Zero-Day to Deploy Backdoors and Email Stealers
Fancy Bear has launched a sophisticated campaign exploiting a critical zero-day vulnerability in Microsoft RTF files to target users across Central and Eastern Europe. The operation, dubbed >>Operation Neusploit,<< demonstrates the group's continued evolution in tradecraft and its strategic focus on regions of geopolitical interest to Russia. The group embedded malicious code within specially crafted…
-
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal data or deploy ransomware, this campaign focuses on silence and persistence. Stealth Backdoors The attackers…
-
âš¡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps,…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
Vortex Werewolf Targets Organizations With Tor-Enabled RDP, SMB, SFTP, and SSH Backdoors
A threat cluster tracked as >>Vortex Werewolf<< (also known as SkyCloak) has been observed targeting Russian government and defense organizations. The attack begins not with a typical malicious attachment, but with a highly credible phishing link. Vortex Werewolf distributes URLs that masquerade as legitimate Telegram file-sharing resources. These links, often hosted on domains designed to…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
Microsoft develops a new scanner to detect hidden backdoors in LLMs
Effectiveness of the scanner: Microsoft said the scanner does not require retraining models or prior knowledge of backdoor behavior and operates using forward passes only, avoiding gradient calculations or backpropagation to keep computing costs low.The company also said it works with most causal, GPT-style language models and can be used across a wide range of…
-
OpenClaw or Open Door? Prompt Injection Creates AI Backdoors
Zenity researchers show how indirect prompt injection can turn OpenClaw into a persistent AI backdoor without exploiting a software flaw. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openclaw-or-open-door-prompt-injection-creates-ai-backdoors/