New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication
Briefly

The latest iteration of the backdoor has 35 handler functions, including keylogging and screen capture capabilities, along with features for discovery, enumeration, and command-line execution.
The newly identified malware BITSLOTH has been in development since December 2021 and is suspected of being used for data gathering. Source code analysis and the use of RingQ for encryption suggest connections to Chinese speakers.
A security report in June 2024 described the exploitation of vulnerable web servers to drop web shells that delivered payloads, including a cryptocurrency miner, with Chinese-speaking threat actors using STOWAWAY and iox for C2 traffic.
Read at The Hacker News