Experts from Kaspersky Lab have discovered a new backdoor, GhostContainer, which operates on open-source tools. Researchers believe that the emergence of this malware may be part of a sophisticated targeted campaign aimed at large organizations in Asia, including high-tech enterprises. The attackers are presumably focused on cyber espionage.
The malware was discovered during the response to an incident related to attacks on Exchange infrastructure in the public sector. Researchers took note of the file App_Web_Container_1.dll, which turned out to be a complex, multifunctional backdoor based on several open-source projects.
The malware is capable of dynamically expanding and acquiring new functionality by loading additional modules.
The installation of the backdoor gives attackers full control over the Exchange server, which opens up significant possibilities for further malicious activity. The malware employs various methods to evade detection and disguises itself as a server component to blend in with standard operations.
The backdoor is capable of functioning as a proxy server or tunnel, which, according to experts, exposes the entire internal network of a company to external threats, as well as creating a risk of confidential data leakage.
“Our research has shown that the attackers are technically well-versed: they understand the vulnerabilities of Exchange systems and are capable of creating and refining complex spying tools based on publicly available code. Although the first incidents were recorded in Asia, there is a possibility that the attackers could use the discovered malware in other regions. While there is not enough information to attribute GhostContainer to any known group at this time, we will continue to monitor the backdoor’s activity to better understand the cyber threat landscape,” comments Sergey Lozhkin, head of GReAT in the APAC and META regions.
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.01.27 — YouTube plays hour-long ads to users with ad blockers
Users complain that YouTube plays very long unskippable ads. Sometimes such ads are longer than the video the person is watching. The issue was raised…
Full article →
2025.04.16 — Android devices will restart every three days to protect user data
Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an…
Full article →
2025.01.29 — Google to disable Sync in older Chrome versions
Google announced that in early 2025, Chrome Sync will be disabled in Chrome versions older than four years. Chrome Sync enables users to save and sync their…
Full article →
2025.02.20 — Newly-discovered vulnerabilities in OpenSSH open the door to MiTM and DoS attacks
OpenSSH fixed two vulnerabilities that could result in MiTM and denial of service (DoS) attacks. Interestingly, one of these bugs appeared in the code more than 10…
Full article →
2025.02.06 — Let's Encrypt to stop sending expiration notification emails
The nonprofit organization announced that, starting June 4, 2025, it will stop sending expiration notification emails to subscribers. The primary reason behind this decision…
Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…
Full article →
2025.01.27 — Zyxel firewalls reboot due to flawed update
Zyxel warned its customers that a recent signature update may cause critical errors in USG FLEX and ATP series firewalls. As a result, devices go into…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →