
Plead Backdoor

By GoldSparrow in Backdoors

The Plead Backdoor is distributed through a spear-phishing campaign that uses misappropriated digital certificates. The threat takes its name from its capacity to open a backdoor on the infected system. It is operated by the BlackTech group, a well-known cyber espionage group that mainly targets Asia. Through this backdoor, the attackers can install a password stealer associated with the Plead Backdoor and collect the computer user's saved passwords from popular Web browsers and mail clients such as Mozilla Firefox, Google Chrome, Internet Explorer, Outlook and others. To obtain persistence and be loaded each time the infected machine boots, the Plead Backdoor installs a compact, encrypted binary blob, fetched from a remote server or loaded from the local disk, which contains encrypted shellcode that downloads and runs the backdoor module.

Attacks carried out with the Plead Backdoor are hard for security specialists to detect, because it is not easy to gather evidence that proves the threat's presence. The Plead Backdoor attacks can compromise poorly protected routers and use them as the threat's Command and Control servers. If security specialists have a hard time detecting a Plead Backdoor attack, network administrators, even tech-savvy ones, will find it still harder to detect before it is too late. They can, however, reduce the risk of infection by keeping their software up to date and adopting strict security policies for their computers.
