
"The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than financially motivated objectives."
"The latest activity flagged by Acronis involves deploying an evolved version of LOTUSLITE that demonstrates 'incremental improvements' over its predecessor, indicating that the malware is being actively maintained and refined by its operators."
"The starting point of the attack is a Compiled HTML (CHM) file embedding the malicious payloads - a legitimate executable and a rogue DLL - along with an HTML page that contains a pop-up which prompts the user to click 'Yes.'"
Researchers have identified a new variant of the LOTUSLITE malware, now targeting the banking sector in India. The backdoor communicates with a command-and-control server and supports a range of remote operations. The malware has been attributed to the Chinese nation-state group known as Mustang Panda. The latest version shows incremental improvements while keeping the same operational approach as earlier campaigns, which relied on spear-phishing. The attack begins with a Compiled HTML (CHM) file that executes the malicious payloads, leading to data exfiltration.
Read at The Hacker News