Cybersecurity researchers have identified a new campaign targeting the Russian automobile and e-commerce sectors using the CAPI Backdoor, a novel .NET malware. The attack involves phishing emails with ZIP archives and decoy documents, exploiting living-off-the-land techniques to evade detection. #CAPIBackdoor #LivingOffTheLand
Keypoints
- The CAPI Backdoor is delivered via phishing emails containing ZIP files with decoy documents.
- The malware uses a Windows shortcut (LNK) file to execute a .NET DLL through rundll32.exe.
- The backdoor can steal browser data, capture screenshots, and exfiltrate information to a remote server.
- It employs persistence techniques such as scheduled tasks and startup folder LNK files.
- The campaign appears targeted at the Russian automobile industry, with a domain imitating carprlce[.]ru.
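As an added illustration, not code from the article or from the researchers it cites, the following Python routine turns the execution and persistence chain described in the key points into three triage rules run over constructed endpoint telemetry: rundll32.exe loading a DLL from outside trusted directories, a .lnk written to the per-user Startup folder, and a scheduled-task creation whose action invokes rundll32. The event layout, paths and command lines are assumptions constructed for the example, and the trusted-directory list is a starting point to tune per environment.

```python
import re

# Assumption: DLLs loaded by rundll32.exe from these directories are treated as normal;
# anything else (Temp, Downloads, extracted ZIP folders, ...) is worth an analyst's look.
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
# Path fragment common to per-user Startup folders on Windows.
STARTUP_FOLDER_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"

# Matches 'rundll32.exe <dll>' where <dll> is either quoted or runs up to the first comma/space.
_RUNDLL32_ARG = re.compile(r'rundll32\.exe"?\s+(?:"([^"]+)"|([^\s,]+))', re.IGNORECASE)

# Constructed sample telemetry (not from the article): process creations and one file write.
SAMPLE_EVENTS = [
    {"type": "process", "parent": "explorer.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": 'rundll32.exe "C:\\Users\\alice\\AppData\\Local\\Temp\\Temp1_docs.zip\\loader.dll",Start'},
    {"type": "process", "parent": "services.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"},
    {"type": "file", "image": "C:\\Windows\\System32\\rundll32.exe",
     "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk"},
    {"type": "process", "parent": "rundll32.exe",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": 'schtasks.exe /Create /SC MINUTE /MO 5 /TN "Updater" '
                '/TR "rundll32.exe C:\\Users\\alice\\AppData\\Local\\Temp\\loader.dll,Start"'},
]


def rundll32_dll_path(cmdline):
    """Return the DLL path handed to rundll32.exe, or None if this is not a rundll32 command line."""
    m = _RUNDLL32_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_suspicious_rundll32(event):
    """Rule 1: rundll32.exe launched with a DLL that lives outside the trusted directories."""
    if event.get("type") != "process" or not event["image"].lower().endswith("\\rundll32.exe"):
        return False
    dll = rundll32_dll_path(event["cmdline"])
    if dll is None:
        return False
    return not dll.lower().startswith(TRUSTED_DLL_DIRS)


def is_startup_lnk_write(event):
    """Rule 2: a shortcut file written into a per-user Startup folder (run-on-logon persistence)."""
    if event.get("type") != "file":
        return False
    path = event["path"].lower()
    return path.endswith(".lnk") and STARTUP_FOLDER_MARKER in path


def is_scheduled_task_rundll32(event):
    """Rule 3: schtasks.exe creating a task whose action runs rundll32 (scheduled-task persistence)."""
    if event.get("type") != "process" or not event["image"].lower().endswith("\\schtasks.exe"):
        return False
    cmd = event["cmdline"].lower()
    return "/create" in cmd and "rundll32" in cmd


def triage(events):
    """Apply all three rules and return (rule_name, evidence) pairs in event order."""
    findings = []
    for ev in events:
        if is_suspicious_rundll32(ev):
            findings.append(("rundll32_untrusted_dll", rundll32_dll_path(ev["cmdline"])))
        if is_startup_lnk_write(ev):
            findings.append(("startup_folder_lnk", ev["path"]))
        if is_scheduled_task_rundll32(ev):
            findings.append(("scheduled_task_rundll32", ev["cmdline"]))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```

The benign second event (shell32.dll from System32) is deliberately included so the first rule stays quiet on routine rundll32 use; in practice the trusted-directory tuple and the Startup-folder marker should be extended to cover the all-users Startup folder and any approved software that legitimately loads DLLs from user-writable paths.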
Read More: https://thehackernews.com/2025/10/new-net-capi-backdoor-targets-russian.html