Security News > 2023 > October > BLOODALCHEMY provides backdoor to southeast Asian nations' secrets

BLOODALCHEMY is the new backdoor that's been used by the operators of REF5961, but even though skilled malware developers are believed to have worked on the program, it's still thought to be a work in progress.

Although it's a functional malware strain, part of the three new malware families uncovered through analyzing REF5961, its capabilities are still limited.

"While unconfirmed, the presence of so few effective commands indicates that the malware may be a subfeature of a larger intrusion set or malware package, still in development, or an extremely focused piece of malware for a specific tactical usage," said Elastic in a blog.

The backdoor copies itself into its persistence folder by adding a new folder called "Test" and inside is "Test.exe" - the malware binary.

BLOODALCHEMY is part of the REF5961 intrusion set, which itself contains three new malware families being used in ongoing attacks.

Malware samples in REF5961 have also been found in a previous intrusion set, REF2924, which is believed to be used in attacks on ASEAN members, including the Mongolian Ministry of Foreign Affairs.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/16/bloodalchemy_backdoor/