Windows backdoor

BetaBeacon
May 6, 2026
- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia.
- BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes.
- The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months.
- The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China.
- The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
Winsage
June 19, 2024
Legitimate websites have been hacked to distribute the BadSpace backdoor to Windows machines. Malicious code inserted into the compromised websites triggers a fake Google Chrome update pop-up window that delivers BadSpace or its loader. BadSpace capabilities include system data collection, screenshot capturing, anti-sandbox checks, command execution, persistence through scheduled tasks, file manipulation, and scheduled task removal. A connection was found between the campaign's domains and the SocGholish downloader malware. Other attack campaigns that use compromised websites to host fake browser updates, disseminating remote access trojans and information-stealing malware, have also been reported.
Winsage
June 17, 2024
Legitimate websites have been compromised to distribute a Windows backdoor known as BadSpace through fake browser updates. The threat actors use a multi-stage attack chain involving infected websites, command-and-control servers, fake browser updates, and a JScript downloader. Details of the malware were shared by researchers kevross33 and Gi7w0rm. BadSpace includes anti-sandbox measures and establishes persistence using scheduled tasks. Other campaigns use fake browser updates on compromised sites to distribute information stealers and remote access trojans.