Security News > 2023 > December > Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
Agent Raccoon is a.NET malware disguised as a Google Update or Microsoft OneDrive Updater that leverages the DNS protocol to establish a covert communication channel with the attackers' C2 infrastructure.
Unit 42 notes that while the malware itself lacks a persistence mechanism, their observations suggest that it is executed by scheduled tasks.
The analysts also note that they have captured different samples of Agent Raccoon with slight code variations and optimizations in its settings, indicating that the malware's authors are actively developing and adapting it to specific operational requirements.
ToddyCat hackers use 'disposable' malware to target Asian telecoms.
BlueNoroff hackers backdoor Macs with new ObjCShellz malware.
News URL
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- China Possibly Hacking US “Lawful Access” Backdoor (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- US says Chinese hackers breached multiple telecom providers (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)