Saitama Backdoor

Cybersecurity researchers have uncovered a new backdoor threat that is being spread via weaponized email attachments. Named the Saitama Backdoor, its purpose is to establish a foothold on the targeted system and let the attackers extend their access with next-stage payloads.

The Saitama Backdoor is written in .NET and uses the DNS protocol as its channel for communicating with its Command-and-Control (C2, C&C) servers. DNS is an attractive C2 carrier for malware in general because name resolution is almost always allowed out of a network, so the traffic can blend in with ordinary lookups even where direct outbound connections are blocked. Once deployed on the system, the threat can recognize and execute over 20 incoming commands from the attackers. The threat actors can use Saitama to collect system information such as the IP address and OS version, as well as details about the currently active user, including their group membership and privileges.
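As an added example (not code from the original page, and not a reconstruction of Saitama's own encoding), the following Python script shows the kind of heuristic a defender can run over DNS query logs to surface DNS-based C2 traffic like the channel described above: it groups queries by client and registered domain and flags groups whose subdomain labels are long, high-entropy and numerous. The log lines, the client addresses and the `update-service.test` domain are constructed for the example; the two-label "registered domain" split and the thresholds are simplifying assumptions.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, one "client_ip qname" per line.
# The tunnelled-looking names are made up for this example; they are NOT
# Saitama's real domains or encoding scheme.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 a3f9c2e1b7d4.c0ffee9a8b7c6d5e.update-service.test
10.0.0.7 9b2e7c1a4d6f.8e7d6c5b4a3f2e1d.update-service.test
10.0.0.7 4d6f8e7c1a9b.2e1d3c4b5a6f7e8d.update-service.test
10.0.0.7 7c1a9b4d6f8e.5a6f7e8d9c0b1a2f.update-service.test
10.0.0.7 6f8e7c1a9b4d.1a2f3e4d5c6b7a8f.update-service.test
10.0.0.5 cdn.example.com
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text`; 0.0 for an empty string."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Naively split a query name into (subdomain labels, registered domain)
    using the last two labels. Assumption for this example: a real deployment
    would consult the public suffix list instead (e.g. for co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return [], ".".join(labels)
    return labels[:-2], ".".join(labels[-2:])


def find_tunneling_suspects(log_text: str, min_queries: int = 5,
                            min_entropy: float = 3.0, min_label_len: int = 12):
    """Group queries by (client, registered domain) and flag groups whose
    subdomain parts are numerous, long and high-entropy, the typical shape
    of data encoded into query names. Returns {(client, domain): stats}
    for the flagged groups only."""
    groups = defaultdict(lambda: {"queries": 0, "entropy_sum": 0.0, "max_label": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        sub, domain = split_name(qname)
        g = groups[(client, domain)]
        g["queries"] += 1
        g["entropy_sum"] += shannon_entropy("".join(sub))
        g["max_label"] = max(g["max_label"], max((len(l) for l in sub), default=0))

    suspects = {}
    for key, g in groups.items():
        avg_entropy = g["entropy_sum"] / g["queries"]
        if (g["queries"] >= min_queries and avg_entropy >= min_entropy
                and g["max_label"] >= min_label_len):
            suspects[key] = {"queries": g["queries"],
                             "avg_entropy": round(avg_entropy, 2),
                             "max_label": g["max_label"]}
    return suspects


if __name__ == "__main__":
    for (client, domain), stats in find_tunneling_suspects(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {stats}")
```

On the constructed log only the `10.0.0.7` to `update-service.test` group is flagged; the `example.com` lookups from `10.0.0.5` have short, low-entropy labels and too few queries. In practice the thresholds need tuning per environment, since CDNs and some security products also generate long, random-looking labels, so treat a hit as a lead for triage rather than a verdict.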

Saitama's core functionality, however, is manipulating the file system on the breached device. The malware can read selected files and exfiltrate them to the C2 servers and, inversely, fetch and drop additional files on the system, including further malware payloads. Depending on the attackers' goal, they can use this to deliver more specialized information collectors, ransomware, crypto-miners or other malware types to the victim's device.
