Cybernews reports that Windows systems have been injected with various backdoors for long-term compromise as part of a new CrashFix attack campaign.Targets have been lured to execute a command through the Windows Run dialog, which harnesses Windows tools and in-memory scripts to facilitate simultaneous delivery of various backdoors, according to an analysis from Binary Defense's threat research group ARC Labs. Apart from launching the primary Python implant that allows command execution, host reconnaissance, and further payload injections, threat actors have also launched multiple Python scripts and a reflectively loaded DLL backdoor for stealth before commencing network mapping and Active Directory targeting."By mixing scripting-based and native implants, the attacker reduced reliance on any single execution method, making complete eviction more difficult. This layered tooling aligns more closely with interactive intrusion and access brokerage operations than with single-purpose malware delivery. From a defender's perspective, this blurs the line between scripting abuse and traditional malware," said ARC Labs.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




