Kaspersky researchers have discovered new variants of the Eagerbee backdoor targeting ISPs and government entities in the Middle East. New attack components include a service injector for backdoor deployment and plugins for payload delivery, system access, and remote control. The malware gathers system information and supports SSL/TLS protocols. The orchestrator injects itself and sends commands to execute via plugins. It is linked with medium confidence to the CoughingDown threat group.
Operation Silk Lure Weaponizing Windows Scheduled Tasks to Drop ValleyRAT
Over the past month, a targeted campaign dubbed Operation Silk Lure has surfaced, exploiting the Windows Task Scheduler to deploy a novel variant of ValleyRAT.
