Victory Backdoor Description
A new backdoor threat has been detected as part of an ongoing espionage campaign targeting entities in Southeast Asia. The malware was named Victory Backdoor by the researchers who analyzed its functionality. According to their findings, the Victory Backdoor is designed to harvest information while also maintaining a persistent access channel to the compromised devices. The functionality of the malware includes taking arbitrary screenshots, manipulating the file system - reading, renaming, creating, or deleting files on the device - siphoning top-level data from open windows, and shutting down the computer if needed.
Years Of Development
While the Victory Backdoor is a unique malware threat, researchers were able to discover significant overlaps between it and files submitted to VirusTotal back in 2018. The way the backdoor functionality is implemented is effectively identical, but the similarities do not stop there. The files, named MClient by their author, and the Victory Backdoor also use the same format in their connection method and share identical XOR keys.
It quickly became apparent that the MClient files were earlier test versions of the malware, showing that its creators spent years on its development.
The earlier versions include an expanded set of nefarious functionalities. For example, they possessed keylogging capabilities, something that is missing from Victory Backdoor. This fact led the researchers to the conclusion that the hackers might have decided to split the capabilities of their initial malware versions into several separate modules. Doing so makes detection harder while also hampering analysis attempts. As such, additional, as-yet undiscovered malicious modules could very well be used to escalate the attacks against the chosen targets.