Hackers use new Agent Raccoon malware to backdoor US targets (Security News, December 2023)
A novel malware named 'Agent Raccoon' is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
Agent Raccoon is a .NET malware disguised as a Google Update or Microsoft OneDrive Updater that leverages the DNS protocol to establish a covert communication channel with the attackers' C2 infrastructure.
Unit 42 notes that while the malware itself lacks a persistence mechanism, their observations suggest that it is executed by scheduled tasks.
The analysts also note that they have captured different samples of Agent Raccoon with slight code variations and optimizations in its settings, indicating that the malware's authors are actively developing and adapting it to specific operational requirements.
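A hunting check for the behaviour described above (an updater look-alike launched by a scheduled task), as an added example that is not from the article or from Unit 42. The expected install paths, the look-alike name pattern and the sample rows (reduced to two columns of `schtasks /query /fo csv /v` output) are assumptions constructed for illustration; the article does not give the malware's file names or task names.

```python
import csv
import io
import ntpath
import re

# Assumption: locations where the genuine updaters normally live. Tune per environment.
EXPECTED = [
    re.compile(r"^c:\\program files( \(x86\))?\\google\\update\\googleupdate\.exe$"),
    re.compile(r"^c:\\(program files( \(x86\))?|users\\[^\\]+\\appdata\\local)"
               r"\\microsoft( |\\)onedrive\\onedrivestandaloneupdater\.exe$"),
]
# Assumption: loose pattern for binary names imitating either updater.
LOOKALIKE = re.compile(r"google.*updat|onedrive.*updat", re.I)

# Constructed sample, not real telemetry.
SAMPLE = r'''"TaskName","Task To Run"
"\GoogleUpdateTaskMachineCore","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"
"\OneDrive Standalone Update Task","C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe"
"\Updater","""C:\ProgramData\Cache\GoogleUpdate.exe"" /svc"
"\SyncHelper","C:\Users\Public\OneDriveUpdater.exe"
"\Backup","C:\Windows\System32\wbadmin.exe start backup"
'''

def exe_path(action):
    """Return the executable part of a task action, quoted or unquoted."""
    action = action.strip()
    if action.startswith('"'):
        return action[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", action, re.I)
    return m.group(1) if m else action.split(" ", 1)[0]

def suspicious_tasks(csv_text):
    """Flag tasks whose binary is named like an updater but sits outside EXPECTED."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = exe_path(row["Task To Run"])
        name = ntpath.basename(path)
        in_expected = any(p.match(path.lower()) for p in EXPECTED)
        if LOOKALIKE.search(name) and not in_expected:
            hits.append((row["TaskName"], path))
    return hits

if __name__ == "__main__":
    for task, path in suspicious_tasks(SAMPLE):
        print(f"review: task {task!r} runs {path}")
```

A hit is a lead for review, not a verdict: confirm the binary's signature and origin before acting on it.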