Badcall is a malicious software (malware) that has been identified as a backdoor for Linux and Windows systems. It was first linked to the North Korean group, Gleaming Pisces, by ESET in their analysis report published on April 20, 2023. The malware has the ability to infiltrate computer systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.
ESET found similarities between Badcall and two other malware types: POOLRAT and SimplexTea. POOLRAT is another backdoor for Linux, while SimplexTea is a known North Korean backdoor for Windows computers. One of the key similarities identified was the use of the same set of domains as a front for TLS connections, suggesting that these different malware types may be part of a coordinated effort by the same threat actor.
Furthermore, the Badcall backdoor was found to have the same appearance as a previously identified Windows trojan associated with Gleaming Pisces. This further strengthens the link between this group and the malware. Written in C++, Badcall represents a significant cybersecurity threat due to its stealthy infiltration methods and potentially destructive capabilities. As such, organizations are advised to remain vigilant and adopt robust security measures to protect against such threats.
Description last updated: 2024-09-19T02:16:39.108Z