ACBackdoor
Malware developers rarely target multiple operating systems with the same malware. One of the main reasons for this is that Linux systems are not as widespread, so targeting them with malware is not always profitable. However, the authors of the new ACBackdoor appear to be experts when it comes to developing Linux-compatible malware: cybersecurity researchers note that the Linux version of ACBackdoor is very well written and packs remarkable features such as fileless code execution and the ability to manipulate the properties of running processes. Besides running on Linux, ACBackdoor is also compatible with the Windows operating system, but it is important to mention that the Windows version appears to be implemented poorly compared to its Linux counterpart. This leads malware researchers to suspect that the threat actor behind ACBackdoor specializes in Linux malware but may be trying to diversify their portfolio by porting some of their malware to Windows.
The Fallout EK Spreads the ACBackdoor
The ACBackdoor was first spotted when the Fallout Exploit Kit (Fallout EK) was seen distributing an unknown piece of malware. The use of the Fallout Exploit Kit is evidence that the criminals behind the ACBackdoor project are not new to the scene, and that they have the necessary funding to afford the use of a high-profile exploit kit.
After the ACBackdoor is executed, it will collect basic system information and then transfer it to the attacker's control server via HTTPS. The malware attempts to gain persistence on Windows computers by creating a new Windows Registry key, and masquerading as a 'Microsoft Anti-Spyware Utility.' In the meantime, the Linux version tries to stay stealthy by calling itself an 'Ubuntu Release Update Utility.'
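For defenders, the masquerade names, the fileless execution and the process-property manipulation described above can be turned into a triage check over Linux process records. The sketch below is an added example, not code from the malware or from the researchers; the record layout, the function names and the sample data are assumptions constructed for illustration.

```python
import posixpath
import re

# Display names taken from the article; every other name here is hypothetical.
MASQUERADE_NAMES = ("Microsoft Anti-Spyware Utility", "Ubuntu Release Update Utility")

# Constructed sample records: argv0 is the first field of /proc/<pid>/cmdline,
# exe is the target of the /proc/<pid>/exe symlink.
SAMPLE = [
    {"pid": 812, "argv0": "/usr/sbin/sshd", "exe": "/usr/sbin/sshd"},
    {"pid": 1033, "argv0": "-bash", "exe": "/usr/bin/bash"},
    {"pid": 4410, "argv0": "Ubuntu Release Update Utility", "exe": "/memfd:x (deleted)"},
    {"pid": 4502, "argv0": "[kworker/0:1]", "exe": "/tmp/.cache/upd"},
]

def _norm(text):
    """Lower-case and collapse punctuation so near-variants of a name still match."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def triage(proc):
    """Return the signals one process record raises (empty list = nothing found)."""
    reasons = []
    exe = proc["exe"]
    if any(_norm(name) in _norm(proc["argv0"]) for name in MASQUERADE_NAMES):
        reasons.append("masquerade-name")
    # A memfd-backed or unlinked image is how fileless execution appears in /proc.
    if exe.startswith("/memfd:") or exe.endswith(" (deleted)"):
        reasons.append("fileless-image")
    # A rewritten argv[0] no longer matches the file the kernel mapped. This is a
    # triage signal, not proof: wrappers and interpreters can trip it as well.
    backing = posixpath.basename(exe.replace(" (deleted)", ""))
    claimed = posixpath.basename(proc["argv0"].split(" ")[0]).strip("-:")
    if backing and not (claimed and backing.startswith(claimed)):
        reasons.append("name-mismatch")
    return reasons

def scan(records):
    """Map pid -> signals for every record that raised at least one."""
    hits = {}
    for proc in records:
        reasons = triage(proc)
        if reasons:
            hits[proc["pid"]] = reasons
    return hits

if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE).items():
        print(pid, ", ".join(reasons))
```

On a live host the two fields would come from reading `/proc/<pid>/cmdline` and resolving the `/proc/<pid>/exe` symlink for each process.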
The ACBackdoor is very simple in terms of functionality, but it does support all primary features found in most backdoor Trojans:
- It can collect and transmit details about the compromised system via the 'info' command.
- It can run remote shell commands via the 'run' command.
- It can transfer and run files from the control server via the 'execute' command.
- It can update itself via the 'update' command.
It is still not clear if the ACBackdoor malware targets a specific group of users, or if its authors are opting for quantity over quality. As usual, the best way to protect your Windows system from this threat is to invest in the services of a trustworthy and up-to-date anti-malware tool.