Tag: backdoor
-
Three-part malware drives the distribution of the Morpheus ransomware
Zscaler ThreatLabz has identified a new malware loader and given it the name TransferLoader. The three-part malware has been active since February 2025 and consists of a downloader, a backdoor, and a dedicated loader for the backdoor. TransferLoader's backdoor module allows the threat actors to execute arbitrary commands on compromised systems. This malware is used to distribute the Morpheus ransomware […]
-
Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites
A Vietnam-nexus hacking group distributes infostealers and backdoors via social media ads promoting fake AI generator websites. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vietnam-hackers-malware-fake-ai/
-
Earth Lamia: China-Linked APT Targets Global Industries with Custom Backdoors
Trend Micro’s latest threat intelligence report uncovers Earth Lamia, a stealthy and evolving China-nexus advanced persistent threat. First seen on securityonline.info Jump to article: securityonline.info/earth-lamia-china-linked-apt-targets-global-industries-with-custom-backdoors/
-
Mandiant flags fake AI video generators laced with malware
A Vietnam-based group has spread thousands of advertisements, fake websites and social media posts promising access to popular prompt-to-video AI generation tools, delivering infostealers and backdoors instead. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-video-generator-malware-mandiant-unc5032-vietnam/
-
NETGEAR Router Flaw Allows Full Admin Access by Attackers
Tags: access, authentication, backdoor, control, cyber, exploit, firmware, flaw, router, vulnerability
A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers, enabling unauthenticated attackers to gain full administrative control over affected devices. The flaw, rated with a critical CVSSv4 score of 9.3, stems from a hidden backdoor mechanism in the router’s firmware and impacts versions V1.1.00.15_1.00.15NA. Security researchers warn that exploitation could…
-
Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection
The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware being distributed alongside a Monero coin miner. This malware leverages the PyBitmessage library, a Python implementation of the Bitmessage protocol, to establish covert peer-to-peer (P2P) communications. Unlike traditional HTTP or IP-based methods, PyBitmessage encrypts data exchanges and anonymizes both sender and…
-
Novel MarsSnake backdoor spread in Chinese APT attack
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-marssnake-backdoor-spread-in-chinese-apt-attack
-
Critical flaw in OpenPGP.js raises alarms for encrypted email services
Tags: attack, backdoor, crypto, email, flaw, group, malicious, open-source, risk, service, supply-chain, threat, tool, vulnerability
Trusting open code: The incident also underscores a familiar trade-off. Open-source libraries such as OpenPGP.js are widely used because they offer transparency, broad adoption, and the advantages of community input and peer review. But trusting open-source libraries also means inheriting any flaws they might have, even subtle ones, that can go unnoticed for years. This vulnerability…
-
More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads
The More_Eggs malware, operated by the financially motivated Venom Spider group (also known as Golden Chickens), continues to exploit human trust through meticulously crafted social engineering. Sold as a Malware-as-a-Service (MaaS) to notorious threat actors like FIN6 and Cobalt Group, this potent JavaScript backdoor primarily targets human resources (HR) departments by masquerading as job application…
-
China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia. ESET researchers revealed that a China-linked APT, tracked as UnsolicitedBooker, targeted an international organization in Saudi Arabia using a new backdoor called MarsSnake. The experts uncovered the attacks in March 2023 and again in 2024, noting that the group used…
-
Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
Tags: attack, backdoor, china, data-breach, email, group, hacker, hacking, international, phishing, spear-phishing, tactics, threat
Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group’s intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using First…
-
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds an insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string, a common format for Git commit hashes, truncated JWT tokens, API keys, or device IDs. Upon…
-
New Malware on PyPI Poses Threat to Open-Source Developers
Malicious dbgpkg package on PyPI poses as a debugging utility but acts as a delivery mechanism for a stealthy backdoor. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-pypi-threat-open-source/
-
Pro-Ukraine Group Targets Russian Developers with Python Backdoor
ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine… First seen on hackread.com Jump to article: hackread.com/ukraine-group-russian-developers-python-backdoor/
-
Printer Company Distributes Malicious Drivers Infected with XRed Malware
Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious code, including the notorious XRed backdoor malware. The issue came to light when Cameron Coward, a YouTuber behind the channel Serial Hobbyism, attempted to review a $6,000 UV printer and encountered antivirus alerts upon plugging in a USB drive containing the…
-
TransferLoader Malware Enables Attackers to Execute Arbitrary Commands on Infected Systems
A formidable new malware loader, dubbed TransferLoader, has emerged as a significant cybersecurity threat, as detailed in a recent report by Zscaler ThreatLabz. Active since at least February 2025, this sophisticated malware has been observed deploying multiple components, including a downloader, a backdoor, and a specialized loader for the backdoor module. These components collectively enable…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: iClicker site hack targeted students with malware via fake CAPTCHA; New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms; Backdoor found in popular ecommerce components; Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH…
-
Florida bill requiring encryption backdoors for social media accounts has failed
The bill would have required social media companies to create encryption backdoors to allow access to users’ private information. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/09/florida-bill-requiring-encryption-backdoors-for-social-media-accounts-has-failed/
-
Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer 7.x is being actively exploited by a Chinese threat actor, tracked as Chaya_004. This deserialization flaw allows attackers to upload malicious binaries, including web shells, to unpatched servers, granting full system takeover capabilities. According to research from Forescout, exploitation has…
-
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Tags: ai, api, apple, backdoor, credentials, cybersecurity, infrastructure, intelligence, macOS, malicious, threat, tool
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. “Disguised as developer tools offering ‘the cheapest Cursor API,’ these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor’s First seen on thehackernews.com Jump…
-
MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called…
-
Activated Magento Backdoor Hits Up to 1,000 Online Stores
Dormant PHP Backdoor Steals Payment Data. It took six years for a backdoor tucked in widely used Magento extensions for online stores to become apparent, but it did so on April 20, affecting hundreds of digital storefronts. Security firm Sansec estimates between 500 and 1,000 stores run the software, including a $40 billion multinational. First…
-
BPFDoor Malware Targets Organizations to Establish Long-Term Persistence
The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly in the telecommunications sector. First identified by PwC in 2021, BPFDoor is a highly sophisticated backdoor malware designed to infiltrate Linux systems with an emphasis on long-term persistence and evasion. On April 25, 2025, the Korea Internet & Security Agency…
-
GhostWeaver backdoor deployed using MintsLoader malware
First seen on scworld.com Jump to article: www.scworld.com/brief/ghostweaver-backdoor-deployed-using-mintsloader-malware
-
Chinese Group TheWizards Exploits IPv6 to Drop WizardNet Backdoor
ESET has discovered Spellbinder, a new tool used by the China-linked cyber espionage group TheWizards to conduct AitM… First seen on hackread.com Jump to article: hackread.com/chinese-thewizards-exploits-ipv6-wizardnet-backdoor/
-
Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers
Tags: attack, backdoor, control, cyber, cybersecurity, exploit, hacker, injection, malicious, software, supply-chain, vulnerability
Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21 popular e-commerce applications, granting hackers full control over hundreds of online stores. This malicious campaign, which began with the injection of backdoors as early as six years ago, was activated this week, exposing vulnerabilities in software from vendors such as Tigren,…