Security Affairs
Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

DropboxCache Backdoor, a new Cross-Platform threat

Security experts at Kaspersky Lab have discovered a new Cross-Platform backdoor dubbed DropboxCache Backdoor ported from Linux to Window. Security experts at Kaspersky Lab have discovered a new Cross-Platform backdoor dubbed DropboxCache (Backdoor.Linux.Mokes.a), initially affecting Linux systems and now migrated to Windows. The backdoor allows attackers to gain complete control over the victim’s machine, it also […]

DropboxCache Backdoor, a new Cross-Platform threat

Security experts at Kaspersky Lab have discovered a new Cross-Platform backdoor dubbed DropboxCache Backdoor ported from Linux to Window.

Security experts at Kaspersky Lab have discovered a new Cross-Platform backdoor dubbed DropboxCache (Backdoor.Linux.Mokes.a), initially affecting Linux systems and now migrated to Windows. The backdoor allows attackers to gain complete control over the victim’s machine, it also implements a capture audio feature. To achieve the portability of the DropboxCache backdoor, authors have used C++ and Qt, a common choice in the development community.

The experts at Kaspersky noticed that the authors didn’t put effort into implement obfuscating techniques, the analysis of the source code allowed investigators to find the IP address of the command and control (C&C) server hardcoded into the source code, the malware contact the server every minute.

The authors digitally signed the code with a trusted certificate issued by COMODO RSA Code Signing CA, but Kaspersky did reveal the name of the entity that issued the certificate.

DropboxCache backdoor certificate

“Next, it connects to its hardcoded C&C Server. From this point, it performs an http request every minute. This “heartbeat” request replies with a one-byte image. To upload and receive data and commands, it connects to TCP port 433 using a custom protocol and AES encryption.”

A few days ago, the experts spotted a second backdoor called OLMyJuxM.exe(Backdoor.Win32.Mokes.imv) infecting Windows machine. The analysis of this strain of malware allowed the experts at Kaspersky to discover that this backdoor is a 32-bit Windows variant of the DropboxCache backdoor.

“Just a few days ago, we came across a rather familiar looking sample, although it was compiled for machines running Microsoft Windows. It quickly turned out to be a 32-bit Windows variant of Backdoor.Linux.Mokes.a.” continues the post.

The Windows variant of the DropboxCache backdoor uses the same filename templates to save the obtained audio captures, screenshot, keylogs and other data. Unilike the Linux variant, the strain for Windows enable the Keylogging feature at the startup.

What about the future?

Experts speculate that we will find soon a Mac OS X variant in the wild.

(Security Affairs – DropboxCache backdoor, malware)