A New Custom Backdoor Targets North Africa with Espionage Attacks



Jun 09, 2023 | Ravie Lakshmanan | Cyber Espionage / APT


A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly targeted espionage attacks in North Africa.

“Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information,” cybersecurity company Check Point said in a technical report.

The ongoing operation is characterized by the use of command-and-control (C&C) servers that mimic websites belonging to the Libyan Ministry of Foreign Affairs. The earliest artifacts associated with the campaign date back to October 2022.


The attacks begin with potential targets downloading bogus downloader binaries that are delivered via social engineering and act as a conduit for retrieving Stealth Soldier, while simultaneously displaying a decoy empty PDF file.

The custom modular implant, which is believed to be used sparingly, enables surveillance capabilities by gathering directory listings and browser credentials, logging keystrokes, recording microphone audio, taking screenshots, uploading files, and running PowerShell commands.


“The malware uses different types of commands: some are plugins that are downloaded from the C&C and some are modules inside the malware,” Check Point said, adding that the discovery of three versions of Stealth Soldier indicates it is being actively maintained by its operators.

Some of the components are no longer available for retrieval, but the screen capture and browser credential stealer plugins are said to have been inspired by open source projects available on GitHub.



What’s more, the Stealth Soldier infrastructure exhibits overlaps with infrastructure associated with another phishing campaign dubbed Eye on the Nile, which targeted Egyptian journalists and human rights activists in 2019.

The development signals the “first possible re-appearance of this threat actor” since then, suggesting the group is geared towards surveillance against Egyptian and Libyan targets.

“Given the modularity of the malware and the use of multiple stages of infection, it is likely that the attackers will continue to evolve their tactics and techniques and deploy new versions of this malware in the near future,” Check Point said.
