Latest Backdoor news

New ‘Lightning Framework’ Linux malware installs rootkits, backdoors

A previously undetected malware dubbed 'Lightning Framework' that targets Linux systems can be used to backdoor infected devices using SSH and deploy rootkits to cover the attackers' tracks.
- Sergiu Gatlan
- July 21, 2022
- 05:42 AM
- 0
New CloudMensis malware backdoors Macs to steal victims’ data

Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks.
- Sergiu Gatlan
- July 19, 2022
- 05:30 AM
- 0
New stealthy OrBit malware steals data from Linux devices

A newly discovered Linux malware is being used to stealthily steal information from backdoored Linux systems and infect all running processes on the machine.
- Sergiu Gatlan
- July 07, 2022
- 04:38 PM
- 0
Microsoft Exchange servers worldwide backdoored with new malware

A newly discovered lightweight and persistent malware was used by attackers to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.
- Sergiu Gatlan
- June 30, 2022
- 12:59 PM
- 3
Gallium hackers backdoor finance, govt orgs using new PingPull malware

The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa.
- Bill Toulas
- June 13, 2022
- 05:56 PM
- 0
New Syslogk Linux rootkit uses magic packets to trigger backdoor

A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely.
- Bill Toulas
- June 13, 2022
- 11:13 AM
- 1
Iranian hackers target energy sector with new DNS backdoor

The Iranian Lycaeum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors.
- Bill Toulas
- June 10, 2022
- 02:06 PM
- 0
BPFDoor malware uses Solaris vulnerability to get root privileges

New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems.
- Ionut Ilascu
- May 25, 2022
- 07:21 AM
- 0
Fake Windows exploits target infosec community with Cobalt Strike

A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.
- Lawrence Abrams
- May 23, 2022
- 04:12 PM
- 1
Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
- Bill Toulas
- May 21, 2022
- 11:16 AM
- 0
Backdoor baked into premium school management plugin for WordPress

Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating.
- Bill Toulas
- May 20, 2022
- 02:02 PM
- 1
BPFDoor: Stealthy Linux malware bypasses firewalls for remote access

A recently discovered backdoor malware called BPFDoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.
- Ionut Ilascu
- May 12, 2022
- 01:07 PM
- 0
Hackers are now hiding malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild.
- Ionut Ilascu
- May 09, 2022
- 08:00 AM
- 1
Cyberspies use IP cameras to deploy backdoors, steal Exchange emails

A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
- Sergiu Gatlan
- May 02, 2022
- 01:28 PM
- 0
Russian state hackers hit Ukraine with new malware variants

Threat analysts report the activity of the Russian state-sponsored threat group known as Gamaredon (Armageddon, Shuckworm), is still notably active in Ukrainian computer networks.
- Bill Toulas
- April 20, 2022
- 06:27 AM
- 1
OldGremlin ransomware gang targets Russia with new malware

OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, has made a comeback last month after a gap of more than one year.
- Ionut Ilascu
- April 14, 2022
- 04:55 AM
- 0
Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.
- Ionut Ilascu
- April 05, 2022
- 01:58 PM
- 1
DPRK hackers go after crypto assets using trojanized DeFi Wallet app

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors.
- Ionut Ilascu
- March 31, 2022
- 08:05 AM
- 0
Serpent malware campaign abuses Chocolatey Windows package manager

Threat actors are abusing the popular Chocolatey Windows package manager in a new phishing campaign to install new 'Serpent' backdoor malware on systems of French government agencies and large construction firms.
- Bill Toulas
- March 21, 2022
- 01:10 PM
- 3
Hundreds of GoDaddy-hosted sites backdoored in a single day

Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload.
- Bill Toulas
- March 16, 2022
- 01:22 PM
- 0