5 matches found
How real software downloads can hide remote backdoors
It starts with a simple search. You need to set up remote access to a colleague’s computer. You do a Google search for “RustDesk download,” click one of the top results, and land on a polished website with documentation, downloads, and familiar branding. You install the software, launch it, and...
Backdoor.Win32.Poison.jh Remote File Hijack
This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created by Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...
PT-2025-41412
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...
SolarWinds Orion Platform 2019.4 HF5 / 2020.2.x < 2020.2.1 SUNBURST Malware Backdoor
The version of SolarWinds Orion Platform running on the remote host is 2019.4 HF5 or 2020.2.1 prior to 2020.2.1 HF2. It is, therefore, affected by a malware backdoor known as SUNBURST. The file SolarWinds.Orion.Core.BusinessLayer.dll that is included in these versions is known to contain a backdo...
Samples of SiliVaccine Offer Rare Peek Inside North Korea’s Antivirus Software
Two aged samples of North Korean antivirus software called SiliVaccine crib software code from a competitor and come loaded with malware and a backdoor. The two SiliVaccine samples obtained by researchers at Check Point security offer unique insight into a secretive country and how it likely...