New BadSpace Backdoor Deployed in Drive-By Attacks

June 18, 2024 at 12:36PM

A new backdoor named BadSpace uses a multi-stage attack that involves infected WordPress sites. It is distributed similarly to the SocGholish malware and is associated with the cybercrime group Evil Corp. BadSpace’s delivery chain starts with an infected website, which deploys the backdoor through a fake browser update notification and a JavaScript downloader. Security researchers have identified three C&C servers and found that BadSpace supports seven different commands.

Security firm G Data CyberDefense reported the discovery of BadSpace, which relies on a multi-stage attack chain delivered through infected WordPress websites. The chain begins when the victim accesses an infected website, which triggers deployment of the malware. The backdoor employs various techniques to evade detection, establishes command-and-control communication, and supports seven different commands, including querying system information and taking screenshots. The source article also includes related articles and information on other backdoors discovered in WordPress plugins and software.
