Tag: backdoor
-
EU: These are scary times let’s backdoor encryption!
ProtectEU plan wants to have its cake and eat it too. First seen on theregister.com Jump to article: www.theregister.com/2025/04/03/eu_backdoor_encryption/
-
Vendor warns: dangerous Cisco backdoor is being actively exploited
Thanks to static credentials, the backdoor gives attackers admin access to a licensing tool for Cisco products. First seen on golem.de Jump to article: www.golem.de/news/hersteller-warnt-hacker-nutzen-eine-von-ciscos-backdoors-aus-2504-194970.html
-
Beware fake AutoCAD, SketchUp sites dropping malware
Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/fake-autocad-sketchup-malware/
-
New advanced FIN7 Anubis backdoor allows attackers to gain full system control on Windows
FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system…
-
Cisco warns of CSLU backdoor admin account used in attacks
Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-cslu-backdoor-admin-account-used-in-attacks/
-
Unitree Go1: Dangerous backdoor discovered in popular robot dog
A robot dog from China could be controlled remotely using a specific API key, with considerable risks for people nearby. First seen on golem.de Jump to article: www.golem.de/news/unitree-go1-gefaehrliche-backdoor-in-populaerem-roboterhund-entdeckt-2504-194933.html
-
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. “This malware allows attackers to execute remote shell commands and other system operations, giving them full…
-
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs
An undocumented remote access backdoor in the Unitree Go1 Robot Dog allows remote control over the tunnel network and use of the vision cameras to see through their eyes. The post Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog/
-
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order
Home Office refuses to answer questions from Lords over technical capability notice issued against Apple’s iCloud Advanced Data Protection encryption services. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366621785/Apple-devices-are-at-most-risk-in-UK-following-government-backdoor-order
-
New Phishing Attack Combines Vishing and DLL Sideloading Techniques
A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-attack-combines-vishing/
-
Chinese hacker group UNC3886 – cybercriminals plant backdoors in Juniper routers
First seen on security-insider.de Jump to article: www.security-insider.de/unc3886-hackergruppe-kompromittiert-juniper-router-a-c17ad34944c943e2f7ee7c3d06b851ac/
-
Hiding WordPress malware in the mu-plugins directory to avoid detection
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load,…
-
Earth Alux Hackers Use VARGEIT Malware to Target Organizations
A new wave of cyberattacks orchestrated by the advanced persistent threat (APT) group Earth Alux has been uncovered, revealing the use of sophisticated malware, including the VARGEIT backdoor, to infiltrate critical industries. Linked to China, Earth Alux has been targeting organizations across the Asia-Pacific (APAC) region and Latin America since 2023, focusing on sectors such…
-
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
CISA Publishes Anatomy of Advanced Ivanti VPN Malware. Hackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rootkit-backdoor-tunneler-ivanti-malware-does-all-a-27881
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. “The threat actor deploys payloads primarily by means…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
CrowDoor and attributed to the Earth Estries APT group in November 2024. “GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign, running since at least November 2024, that targets users in Ukraine with malicious LNK files which run a PowerShell downloader. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
-
China’s FamousSparrow flies back into action, breaches US org after years off the radar
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET. First seen on theregister.com Jump to article: www.theregister.com/2025/03/27/china_famoussparrow_back/
-
DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
Deep learning models, increasingly integral to safety-critical systems like self-driving cars and medical devices, are vulnerable to stealthy backdoor attacks. These attacks involve injecting hidden triggers into models, causing them to misbehave when triggered. Researchers from the Qatar Computing Research Institute and the Mohamed bin Zayed University of Artificial Intelligence have developed DeBackdoor, a novel…
-
Chinese FamousSparrow hackers deploy upgraded malware in attacks
A China-linked cyberespionage group known as ‘FamousSparrow’ was observed using a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-famoussparrow-hackers-deploy-upgraded-malware-in-attacks/
-
Malicious npm packages found to create a backdoor in legitimate code
Attackers open a reverse shell: This payload is a reverse shell that uses the ssh2 client functionality from the original ethers-provider2 to establish an SSH connection to an attacker-controlled server. The ethers-provider2 ssh client code is modified to listen to certain messages from the server and turn into a reverse shell, meaning the server can…
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
New npm Malware Attack Infects Popular Ethereum Library with Backdoor
Security researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new… First seen on hackread.com Jump to article: hackread.com/npm-malware-infects-ethereum-library-with-backdoor/
-
New npm attack poisons local packages with backdoors
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
-
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
The threat actor known as EncryptHub exploited a recently patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. “In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious…
-
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared…
-
New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit
Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the U.S., employs advanced techniques to evade detection and maintain persistence on compromised systems. Exploitation of…
-
Novel Betruger backdoor deployed by RansomHub affiliate
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-betruger-backdoor-deployed-by-ransomhub-affiliate
-
Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor
Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s…