Date: 2024-08-05

Malware, Threat Intelligence

Windows BITS tapped by novel BITSLOTH backdoor

Windows machines are being targeted by the new BITSLOTH backdoor, which facilitates command-and-control via the Background Intelligent Transfer Service to better evade detection, according to The Hacker News.

Deployed in an attack against a South American government's foreign ministry, the latest iteration of BITSLOTH, which is believed to have been actively developed since December 2021, has been integrated with 35 handler functions, as well as other enumeration, command-line execution, and discovery capabilities, an analysis from Elastic Security Labs showed. Aside from enabling screen capturing, keylogging, file uploading and downloading, and command execution, BITSLOTH also allows persistence removal or reconfiguration, system reboots or shutdowns, communication mode changes, arbitrary process termination, and self-updating or deletion from the host, said researchers. They also linked the backdoor to Chinese speakers due to its logging functions and strings, as well as its use of the open-source tool RingQ, which had been leveraged by a Chinese threat actor.

Related

Malware distributed through ISP compromise

After conducting a DNS poisoning attack against the ISP, StormBamboo leveraged vulnerable HTTP software update mechanisms without digital signature validation to facilitate the installation of MACMA and MgBot malware on Windows and macOS systems.

Infostealing PyPI packages spread through StackExchange

Threat actors who created StackExchange accounts commented on popular threads with high-quality answers that included links to the packages, including 'spl-types,' 'sol-structs,' 'sol-instruct,' 'raydium,' and 'raydium-sdk,' which facilitated the download of scripts enabling browser, messaging app, and cryptocurrency wallet data exfiltration.
