Felismus is malware that was first identified by Symantec in March 2017. It was discovered as part of Sowbug-related activity, used against a target in Southeast Asia, and represented an entirely new threat at the time. This harmful program can infiltrate systems through various channels such as suspicious downloads, emails, or websites, and can cause significant damage by stealing personal information, disrupting operations, or holding data hostage for ransom.
The association between Felismus and the cyber espionage group, Sowbug, remained unknown until later. In September 2016, prior to the identification of Felismus, Sowbug had already infiltrated an organization in Asia. The group deployed the Felismus backdoor on one of the organization's computers, named Computer A, using the file name adobecms.exe located in CSIDL_WINDOWS\debug. This early use of Felismus revealed its deployment as a backdoor tool by the group.
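As a defender's check on the indicator given above, the following is an added example (not code from the original description, from Symantec, or from any Sowbug analysis) that hunts a file inventory for the Felismus drop location. The only indicator taken from the page is the file name adobecms.exe under CSIDL_WINDOWS\debug; the CSIDL expansion table, the `hostname,path` inventory format, the Windows root of C:\Windows and every inventory line are constructed assumptions.

```python
"""Hunt a file inventory for the Felismus drop location reported by Symantec.

Added example, not part of the original description. The only indicator taken
from the page is adobecms.exe under CSIDL_WINDOWS\\debug; the inventory lines,
hostnames and the Windows root below are constructed sample data.
"""
import ntpath

# Map the CSIDL_* tokens used in vendor write-ups to concrete folders.
# Only the tokens needed here are listed; the Windows root is an assumption
# (a real triage script would read it from the host, e.g. %SystemRoot%).
CSIDL_MAP = {
    "CSIDL_WINDOWS": r"C:\Windows",
    "CSIDL_SYSTEM": r"C:\Windows\System32",
}

# Indicator from the page: Felismus dropped as adobecms.exe in CSIDL_WINDOWS\debug.
INDICATORS = [r"CSIDL_WINDOWS\debug\adobecms.exe"]


def expand_csidl(path: str) -> str:
    """Replace a leading CSIDL_* token with the folder it denotes.

    Paths that do not start with a known token are returned unchanged.
    """
    head, sep, tail = path.partition("\\")
    root = CSIDL_MAP.get(head.upper())
    if root is None:
        return path
    return root + (sep + tail if tail else "")


def normalize(path: str) -> str:
    """Case-fold and collapse separators so NTFS paths compare stably.

    ntpath works on any platform, so this runs on a Linux analysis box too.
    """
    return ntpath.normcase(ntpath.normpath(path))


def build_indicator_set(indicators):
    """Expand and normalize every indicator once, for O(1) lookups."""
    return {normalize(expand_csidl(i)) for i in indicators}


def hunt(inventory_lines, indicators=INDICATORS):
    """Return (hostname, path) pairs whose full path matches an indicator.

    Each inventory line is 'hostname,full_path' (constructed CSV format);
    blank lines and '#' comments are skipped. Matching is case-insensitive,
    since NTFS is, so AdobeCMS.EXE in C:\\Windows\\DEBUG still triggers.
    """
    wanted = build_indicator_set(indicators)
    hits = []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, path = line.partition(",")
        if normalize(path) in wanted:
            hits.append((host, path))
    return hits


# Constructed sample inventory (not real telemetry from any incident).
SAMPLE_INVENTORY = """\
# host,path
COMPUTER-A,C:\\Windows\\debug\\adobecms.exe
COMPUTER-A,C:\\Windows\\debug\\WIA\\wiatrace.log
COMPUTER-B,C:\\Windows\\DEBUG\\AdobeCMS.EXE
COMPUTER-C,C:\\Program Files\\Adobe\\adobecms.exe
""".splitlines()

if __name__ == "__main__":
    for host, path in hunt(SAMPLE_INVENTORY):
        print(f"{host}: {path}")
```

Only the first two sample hosts match: the third carries the same file name under a different directory, which is exactly why the check keys on the full expanded path rather than the name alone.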
In subsequent attacks there was evidence that Felismus was installed using a tool known as Starloader, which Symantec detects as Trojan.Starloader. Starloader was used to create versions of the Felismus backdoor as well as other tools, further extending the malware's ability to compromise systems. This illustrates the sophisticated nature of these threats and the continuous evolution of the methods used by cybercriminals to exploit and damage computer systems.
Description last updated: 2023-11-29T01:41:13.544Z