Chinese hackers use new Atlas RAT malware in European cyberattacks
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]
Background for this topic.
In information security, a backdoor is a method of bypassing normal authentication or security controls to access a computer system, network, or software application. Backdoors may be created intentionally by software developers for legitimate reasons, such as maintenance or troubleshooting, but they can also be inserted maliciously by attackers to gain unauthorized access to systems or data.
Backdoors can take many forms, including secretive combinations of keystrokes, unrecognized user accounts, hidden processes, or unnoticed network services. In the realm of cybersecurity, the discovery, monitoring, and closing of backdoors are critical tasks, as their presence often signifies a severe vulnerability that could be exploited by hackers, potentially leading to data breaches, system hijackings, or other malicious activities.
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022.
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
Chainable Bugs Enable Credential Theft, Persistence, Takeover
Four chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent's own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23.
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. [...]
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts.
Researchers Say Nation-State Actors Are Evolving Persistence Techniques
An apparent Chinese nation-state hacking group gussied up its tooling with new modular functionality, say security researchers who observed a cyberespionage campaign affecting Asia-Pacific governments. The activity resembles attack patterns of the threat actor tracked as Mustang Panda.
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc.
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively traditional backdoor into a highly modular peer-to-peer (P2P) botnet ecosystem designed to enable persistent, covert access to target environments. The post Kazuar: Anatomy of a nation-state botnet appeared first on Microsoft Security Blog.
Mustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networks
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments.
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
A fake version of the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. [...]
MOIS-linked cyber outfit puts on a ransomware show to disguise the wide-open backdoor behind the scenes
A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. [...]
Hackers trojanized installers for the DAEMON Tools software and, since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. [...]
Website Popular in Korean Ethnic Enclave in China Hosts Apps Laced With a Backdoor
A North Korean hacking group has been spying on a Korean ethnic enclave in China by infiltrating the Android apps of a regional gaming platform that hosts digital card and board games. Researchers attributed the supply-chain attack to a threat actor that Eset tracks as ScarCruft.