Stealth Soldier is a previously undisclosed modular backdoor identified by Check Point researchers in an ongoing espionage operation against targets in North Africa, reported on June 8, 2023. The malware has multi-stage infection capabilities and is used for surveillance and espionage, primarily against Libyan and Egyptian targets. Its operators are believed to be politically motivated and run a sizeable network of phishing domains to support their activities. The malware's modularity suggests that the attackers will continue to evolve their tactics and techniques and deploy new versions in the future.
The infrastructure associated with Stealth Soldier overlaps significantly with a previous campaign known as "Eye on the Nile," which targeted Egyptian civil society in 2019. This overlap suggests a possible re-emergence of the same threat actor after a long hiatus. The backdoor's features include file exfiltration, screen and microphone recording, keystroke logging, and browser information theft, making it a potent tool for cyber espionage.
Check Point Research has published Indicators of Compromise (IOCs) to help organizations detect and counter the Stealth Soldier threat. The malware abuses various software and scripting languages, including Remote Utilities, hVNC, Google Ad, AutoHotkey, JavaScript, Lua, Python, Tcl, and VBS, and exploits vulnerabilities such as Follina (CVE-2022-30190). The threat actor behind Stealth Soldier is expected to remain a significant threat to North African targets and may expand its operations to other regions.
Description last updated: 2024-05-04T16:23:51.714Z