Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Briefly

In March 2025, the hacking group TaxOff exploited a security vulnerability in Google Chrome, tracked as CVE-2025-2783, to install a backdoor named Trinper. The phishing campaign targeted Russian organizations with emails disguised as forum invitations. Researchers found that the backdoor, written in C++, supports keylogging, file collection, and remote command execution, among other malicious activities. Google patched the vulnerability after Kaspersky reported it, underscoring the growing concern over sophisticated cyber threats.
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.
The initial attack vector was a phishing email containing a malicious link... it triggered a one-click exploit (CVE-2025-2783), leading to the installation of the Trinper backdoor.
Designed in C++, the backdoor utilizes multithreading to capture victim host information, record keystrokes... and establish a connection with a remote server.
Multithreading provides a high degree of parallelism to hide the backdoor while retaining the ability to collect and exfiltrate data.
Read at The Hacker News