Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
'Hacker Door' Backdoor Resurfaces as RAT a Decade Later
Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.
1 Min Read
A sophisticated remote access Trojan (RAT) dubbed Hacker Door by researchers has appeared in active attacks and sharing many similarities to a backdoor of the same name that was released in 2004 and last updated in 2005. The new Hacker Door has updated and advanced functionality, report researchers at Cylance.
Hacker Door contains a backdoor and rootkit components. It engages in a set of typical remote commands once active, Cylance researchers say, including grabbing screenshots and files, running other processes and commands, opening Telnet and RDP servers, and stealing Windows credentials during current sessions.
Some of its functionality includes using a signed stolen certificate to evade detection by security software designed to search for unsigned code, notes a ZDNet report. Cylance researchers note Hacker Door is largely undocumented malware and has seldom been seen in the wild.
Hacker Door appears to be used by Winnti, a Chinese advanced persistent threat group, notes Cylance. And Winnti appears to be targeting the aerospace industry, the researchers discovered.
Read more about Hacker Door here.
About the Author
You May Also Like
More Insights
Webinars
Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024The Unreasonable Effectiveness of Inside Out Attack Surface Management
Dec 4, 2024
