Tag: backdoor
-
Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
Acronis reveals Mustang Panda is using a new LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works. First seen on hackread.com Jump to article: hackread.com/mustang-panda-india-s-korea-lotuslite-backdoor/
-
WordPress-Plugins deaktiviert: Backdoor-Angriff trifft über 400.000 Installationen
First seen on t3n.de Jump to article: t3n.de/news/wordpress-plugins-deaktiviert-1738354/
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/
-
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector.”The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than First seen on thehackernews.com…
-
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker”‘controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way to deploy fileless or low”‘footprint malware into enterprise environments. Instead of shipping a conventional compiled…
-
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China”‘nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, offering remote shell access, file operations, and session management rather than any obvious monetization features. Communications are…
-
KI auf dem Computer: Claude-Desktop-App installiert ungefragt Backdoor
Ein Datenschützer hat den Eintrag im Browser nur durch Zufall entdeckt. Sie könnte theoretisch für Angriffe genutzt werden. First seen on golem.de Jump to article: www.golem.de/news/ki-auf-dem-computer-claude-desktop-app-installiert-ungefragt-backdoor-2604-207804.html
-
Iran claims US used backdoors to knock out networking equipment during war
And China is loving it First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/iran_claims_us_used_backdoors/
-
QEMU Hijacked as Stealth Backdoor for Credential Theft, Ransomware
Attackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allows running full operating systems as virtual machines on a host. Threat actors are weaponizing this capability by running their…
-
Payouts King ransomware uses QEMU VMs to bypass endpoint security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/payouts-king-ransomware-uses-qemu-vms-to-bypass-endpoint-security/
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theftAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high”‘value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…
-
Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft
Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection. The post Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-malicious-chrome-extensions-data-theft/
-
Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites
More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio. The post Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-malicious-wordpress-plugins-backdoor-april-2026/
-
Over 100 Chrome Web Store extensions steal user accounts, data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-100-chrome-extensions-in-web-store-target-users-accounts-and-data/
-
Over 100 Chrome extensions in Web Store target users accounts and data
More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-100-chrome-extensions-in-web-store-target-users-accounts-and-data/
-
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
-
Someone planted backdoors in dozens of WordPress plugins used in thousands of websites
Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
-
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK. First seen on hackread.com Jump to article: hackread.com/ransomware-vipertunnel-malware-uk-us-businesses/
-
APT41 Targets Linux Cloud Servers With New Winnti Backdoor
A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a novel SMTP-based command-and-control (C2) mechanism. The discovery indicates a new phase in APT41’s Linux and cloud-targeted…
-
APT41 Delivers ‘Zero-Detection’ Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials
-
APT41 Delivers ‘Zero-Detection’ Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentials
-
VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain
Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi”‘stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module auto”‘loads at interpreter startup and can silently run code without command”‘line input. This script used ctypes to…
-
VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain
Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi”‘stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module auto”‘loads at interpreter startup and can silently run code without command”‘line input. This script used ctypes to…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2 Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) Hackers Are Attempting to Turn ComfyUI Servers Into a…
-
New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
macOS Malware notnullOSX targets crypto wallets over $10K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data. First seen on hackread.com Jump to article: hackread.com/macos-malware-notnullosx-crypto-wallets/
-
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
-
From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints
Tags: backdoorThe post From Taiwan to Tehran: How TA416 Pivots its PlugX Backdoor to Global Flashpoints appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ta416-plugx-backdoor-geopolitical-pivot-2026/