Smoked Ham Windows Backdoor Threat Spreads Amid Darkside Affiliation

Trac-Labs, a group of researchers dedicated to combating cybercrime, has issued an alert about a growing Windows backdoor threat. The “Smoked Ham” backdoor is not new, but it has seen increased activity, and it is linked to UNC2465, a past affiliate of the now-defunct Darkside ransomware group. This latest development suggests that the threat remains active and poses a risk to users.

The threat actors behind Smoked Ham use tactics such as phishing emails and malvertising campaigns to spread their payload. They also abuse legitimate tools and services such as Google Drive and Dropbox to host malicious files.

Researchers found that UNC2465 leverages penetration testing tools for network reconnaissance and uses the Remote Desktop Protocol (RDP) for lateral movement within targeted networks. Credentials are harvested with the Mimikatz tool.

The Trac-Labs report highlights the importance of ongoing security measures to defend against this threat. Major companies like Microsoft, Google, and Dropbox have security protocols in place to prevent malicious advertising and file hosting. However, users must remain vigilant and be cautious when receiving phishing emails or encountering suspicious ads.

Source: https://www.forbes.com/sites/daveywinder/2024/12/03/new-windows-backdoor-security-warning-for-bing-dropbox-google-users