Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed
Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign.
"Deadglyph's architecture is unusual as it consists of cooperating components – one a native x64 binary, the other a .NET assembly," ESET
said in a
new report shared with The Hacker News.
"This combination is unusual because malware typically uses only one programming language for its components. This difference might indicate separate development of those two components while also taking advantage of unique features of the distinct programming languages they utilize."
It's also suspected that the use of different programming languages is a deliberate tactic to hinder analysis, making it a lot more challenging to navigate and debug.
Unlike other traditional backdoors of its kind, the commands are received from an actor-controlled server in the form of additional modules that allow it to create new processes, read files, and collect information from the compromised systems.
