China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor
Researchers observed downloads of installers for the APT's flagship backdoor, MgBot, when users at a Chinese NGO were updating legitimate applications.
Stay updated on the latest backdoor threats in cybersecurity. Discover news, analysis, and insights on covert access vulnerabilities.
Search across headline titles and summaries.
Background for this topic.
A backdoor is a hidden method within software or hardware that allows bypassing normal authentication to access a system or network. These can be intentionally created by developers for maintenance or debugging but are frequently exploited or implanted by attackers to maintain unauthorized, persistent access. Backdoors often appear as undocumented commands, hidden user accounts, or covert network services designed to evade detection.
In cybersecurity, backdoors enable attackers to circumvent security controls, increasing the risk of prolonged system compromise and data exposure. Detecting backdoors requires careful code review, monitoring for unusual system behavior, and verifying integrity through trusted baselines. Identifying backdoor indicators in malware or attacker infrastructure is critical for limiting unauthorized access and reducing attacker dwell time within networks. Defensive measures focus on eliminating hidden access points and strengthening authentication mechanisms.
Researchers observed downloads of installers for the APT's flagship backdoor, MgBot, when users at a Chinese NGO were updating legitimate applications.
Most of the plugins are designed to steal information from highly popular Chinese applications
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033
Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.' [...]
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week