A powerful new malware backdoor is targeting governments across the world


Cybersecurity researchers from ESET have discovered a new, sophisticated piece of malware targeting government organizations in the Middle East. 

The malware is dubbed Deadglyph and is apparently the work of Stealth Falcon APT, a state-sponsored threat actor allegedly from the United Arab Emirates (UAE). The group is also known to some researchers as Project Raven or FruityArmor, BleepingComputer reports, and targets political activists, journalists, dissidents, and similar individuals. 

In its technical writeup, ESET’s researchers explained that Deadglyph is a modular piece of malware, capable of receiving additional modules from its command and control (C2) server depending on what the operators want to grab from the target endpoint. The modules can use both Windows APIs and a custom Executor API, giving the threat actors at least a dozen functions to work with. These include loading executable files, token impersonation, encryption, hashing, and more.

Multiple modules

ESET analyzed three modules - a process creator, an information collector, and a file reader. The collector, for example, can tell the threat actors which operating system the victim is using, which network adapters the endpoint has, which software and drivers it has installed, and more. The researchers believe up to 14 modules are available. 

There is no word on potential targets, other than that the malware was found on a device belonging to a government entity. Earlier reports, however, describe Stealth Falcon as a decade-old threat actor (in operation since at least 2012) that targets political activists and journalists - not government employees. 

In 2019, ESET analyzed one of Stealth Falcon’s campaigns, concluding that the targets, although small in number, were scattered around the world - in the UAE, Saudi Arabia, Thailand, and the Netherlands. In the latter, though, the group targeted a diplomatic mission of a Middle Eastern country. 

At the moment there is no information on how the hackers managed to infiltrate the target devices. For now, IT teams can only hunt for the indicators of compromise published here.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
