New High-Tech Backdoor with Unique Strategies

As part of a cyber-espionage campaign, the threat actor Stealth Falcon has been using a sophisticated backdoor known as Deadglyph, which security researchers describe as previously undocumented.

ESET says: “Deadglyph’s architecture is unique in that it is made up of two cooperating components: a .NET assembly and a native x64 binary.

Malware usually employs just one programming language for all of its components; this combination is therefore unique. This variation may point to the two components’ independent evolution while allowing them to benefit from the special qualities of the different programming languages they use.”

The use of multiple programming languages is also believed to be a deliberate strategy to hinder analysis, making the malware considerably harder for analysts to navigate and debug.

Unlike conventional backdoors of this kind, Deadglyph receives its commands from an actor-controlled server in the form of additional modules, which enable it to read files, launch new processes, and collect data from the compromised machines.

First publicly documented by the Citizen Lab in 2016, Stealth Falcon, also known as FruityArmor, was linked to a series of targeted spyware attacks in the Middle East against journalists, activists, and dissidents in the United Arab Emirates. The attacks used spear-phishing lures containing booby-trapped links to macro-laced documents, which delivered a custom implant capable of executing arbitrary commands.
