New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
2024-08-02 09:56

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism.

The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery on June 25, 2024, in connection with a cyber attack targeting an unspecified Foreign Ministry of a South American government.

"BITSLOTH contains many different features for discovery, enumeration, and command-line execution."

"In the latest version, a new scheduling component was added by the developer to control specific times when BITSLOTH should operate in a victim environment," the researchers said.

A fully-featured backdoor, BITSLOTH is capable of running and executing commands, uploading and downloading files, performing enumeration and discovery, and harvesting sensitive data through keylogging and screen capturing.

A defining aspect of the malware is its use of BITS for C2. "This medium is appealing to adversaries because many organizations still struggle to monitor BITS network traffic and detect unusual BITS jobs," the researchers added.


News URL

https://thehackernews.com/2024/08/new-windows-backdoor-bitsloth-exploits.html