Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
Agent Raccoon is a .NET malware disguised as a Google Update or Microsoft OneDrive Updater that leverages the DNS protocol to establish a covert communication channel with the attackers' C2 infrastructure.
Unit 42 notes that while the malware itself lacks a persistence mechanism, their observations suggest that it is executed by scheduled tasks.
The analysts also note that they have captured different samples of Agent Raccoon with slight code variations and optimizations in its settings, indicating that the malware's authors are actively developing and adapting it to specific operational requirements.