Security News > 2023 > December > Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
Agent Raccoon is a.NET malware disguised as a Google Update or Microsoft OneDrive Updater that leverages the DNS protocol to establish a covert communication channel with the attackers' C2 infrastructure.
Unit 42 notes that while the malware itself lacks a persistence mechanism, their observations suggest that it is executed by scheduled tasks.
The analysts also note that they have captured different samples of Agent Raccoon with slight code variations and optimizations in its settings, indicating that the malware's authors are actively developing and adapting it to specific operational requirements.
ToddyCat hackers use 'disposable' malware to target Asian telecoms.
BlueNoroff hackers backdoor Macs with new ObjCShellz malware.
News URL
Related news
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- North Korean hackers exploit VPN update flaw to install malware (source)
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- US warns of Iranian hackers escalating influence operations (source)
- US offers $2.5 million reward for hacker linked to Angler Exploit Kit (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)