FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

Summary: The financially motivated threat actor FIN7 has been linked to a Python-based backdoor known as Anubis, which grants attackers remote access to compromised Windows systems. This malware enables a variety of malicious activities while minimizing detection risks and is delivered through malspam campaigns. Additionally, FIN7 continues to expand its capabilities and monetization strategies by promoting tools that can disable security measures.

Affected: FIN7 Cybercrime Group

Key points:

  • FIN7, also known as Carbon Spider, utilizes the Anubis backdoor, allowing comprehensive control over infected machines.
  • Anubis is delivered via malspam and propagated through compromised SharePoint sites, using a Python script for execution.
  • The backdoor supports lightweight operations for keylogging, taking screenshots, and stealing passwords without directly storing malicious components on the system.

Source: https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html
