
""KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,""
""It builds an internal mesh network, allowing compromised servers to talk to each other and evade security blocks. It uses military-grade encryption to hide its communications and, most alarmingly, features a 'sleeper' mode that lets attackers bypass firewalls by waking the malware up with a secret, invisible signal.""
React2Shell vulnerabilities are being exploited to deliver remote-access malware families KSwapDoor and ZnDoor. KSwapDoor provides an interactive shell, command execution, file operations, lateral movement scanning, and impersonates a Linux kernel swap daemon to evade detection. KSwapDoor establishes an internal mesh network among compromised servers, uses military-grade encryption for communications, and includes a sleeper mode that can be awakened by a hidden signal to bypass firewalls. ZnDoor has been observed in the wild since December 2023 and is deployed via bash commands that fetch and execute payloads. ZnDoor connects to attacker infrastructure and supports multiple remote commands for system control and file management.
Read at The Hacker News
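
The summary notes that KSwapDoor impersonates a Linux kernel swap daemon. As an added detection example (not code from the article or from any analysis of the malware), the sketch below flags processes that carry a kswapd-style name but lack the properties of a real kernel thread. The name pattern, function names and sample records are assumptions constructed for illustration.

```python
import re

PF_KTHREAD = 0x00200000  # kernel-thread bit in the flags field of /proc/<pid>/stat
# Assumption: the masquerade borrows the real swap daemon's naming (kswapd0, kswapd1, ...).
KSWAPD_LIKE = re.compile(r"^\[?kswapd\d*\]?$")

def parse_stat(line):
    """Parse a /proc/<pid>/stat line; comm is parenthesised and may contain spaces."""
    pid, rest = line.split(" (", 1)
    comm, tail = rest.rsplit(") ", 1)
    f = tail.split()  # f[0]=state, f[1]=ppid, f[6]=flags
    return {"pid": int(pid), "comm": comm, "ppid": int(f[1]), "flags": int(f[6])}

def masquerade_findings(procs):
    """procs: (stat_line, cmdline_bytes, exe_link_or_None) per process."""
    findings = []
    for stat_line, cmdline, exe in procs:
        p = parse_stat(stat_line)
        argv0 = cmdline.split(b"\0", 1)[0].decode(errors="replace").rsplit("/", 1)[-1]
        if not (KSWAPD_LIKE.match(p["comm"]) or KSWAPD_LIKE.match(argv0)):
            continue
        reasons = []
        if not p["flags"] & PF_KTHREAD:
            reasons.append("PF_KTHREAD not set")
        if p["ppid"] != 2:
            reasons.append("parent is not kthreadd (pid 2)")
        if cmdline:
            reasons.append("non-empty cmdline")
        if exe:
            reasons.append("backed by executable " + exe)
        if reasons:
            findings.append((p["pid"], p["comm"], reasons))
    return findings

# Constructed sample records, not taken from any real host or from the article.
SAMPLE = [
    ("87 (kswapd0) S 2 0 0 0 -1 2129984 0 0 0 0", b"", None),  # genuine kernel thread
    ("4121 (kswapd0) S 1 4121 4121 0 -1 4194560 0 0 0 0",
     b"[kswapd0]\0", "/var/tmp/example-binary"),  # userland look-alike
    ("900 (sshd) S 1 900 900 0 -1 4194560 0 0 0 0",
     b"/usr/sbin/sshd\0-D\0", "/usr/sbin/sshd"),  # unrelated process
]

if __name__ == "__main__":
    for pid, comm, reasons in masquerade_findings(SAMPLE):
        print(pid, comm, "; ".join(reasons))
```

On a live host the three tuple fields correspond to the contents of `/proc/<pid>/stat`, the contents of `/proc/<pid>/cmdline`, and the target of the `/proc/<pid>/exe` symlink.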