FIN7’s New Stealth Weapon, Anubis Backdoor, Emerges in the Wild

Summary: PRODAFT has identified a new Python-based backdoor called AnubisBackdoor, associated with the FIN7 group, which allows for complete control over infected computers. The malware is adept at evading traditional security defenses, remaining undetected by most antivirus solutions. Delivered via malspam campaigns and compromised SharePoint instances, AnubisBackdoor demonstrates adaptability in its execution methods, posing a significant threat to enterprise environments.

Affected: Organizations using Windows systems

Key points:

  • Designed for complete control over infected machines with remote shell command execution.
  • Employs obfuscation techniques to evade detection, although not strongly fortified.
  • Delivered through malspam and compromised SharePoint instances, enhancing its stealth.
  • Communicates with a command and control server using base64-encoded messages.
  • Incorporates various execution methods, showcasing the attackers’ adaptability.
  • Maintains a lightweight design to minimize detection risks while allowing dynamic command execution.

Source: https://securityonline.info/fin7s-new-stealth-weapon-anubisbackdoor-emerges-in-the-wild/