Cybersecurity researchers have identified NANOREMOTE, a new Windows backdoor that uses the Google Drive API as a covert command-and-control channel. It shares code with the FINALDRAFT malware, which is attributed to the Chinese threat cluster REF7707 and has targeted sectors across Southeast Asia and South America.

Key points
- NANOREMOTE is a fully-featured Windows backdoor leveraging the Google Drive API for data exchange.
- It is closely related to the FINALDRAFT malware, sharing a codebase and development environment.
- The malware is linked to the Chinese threat group REF7707, which targets government, defense, and other sectors.
- The attack chain involves a loader named WMLOADER that decrypts and launches the backdoor.
- NANOREMOTE can perform reconnaissance, execute commands, and transfer files, exchanging its data over encrypted HTTP requests.

Read more: https://thehackernews.com/2025/12/nanoremote-malware-uses-google-drive.html