A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information," cybersecurity company Check Point said in a technical report.

The attacks commence with potential targets downloading bogus downloader binaries that are delivered via social engineering attacks and act as a conduit for retrieving Stealth Soldier, while simultaneously displaying a decoy empty PDF file.

What's more, the Stealth Soldier infrastructure exhibits overlaps with infrastructure associated with another phishing campaign dubbed Eye on the Nile, which targeted Egyptian journalists and human rights activists in 2019. The development signals the "first possible re-appearance of this threat actor" since then, suggesting the group is geared towards surveillance against Egyptian and Libyan targets.

Source: The North Africa Journal June 09, 2023 06:06 UTC