Linux Backdoor Targeting iKuai Routers
On July 1, 2026, MalwareHunterTeam shared an ELF uploaded to VirusTotal from Japan with 0 detection. After a quick code inspection, it was evident that the ELF was a backdoor targeting specific Lin...
On May 19, 2026, I came across an interesting ISO uploaded from UAE. The ISO is named UAE-India_Strategic_Partnership_Week.iso, and it is likely related to the defense partnership between India and...
On April 1, 2026, a zip archive named CV - Vu PLPC So2156516.zip was uploaded to VirusTotal from Vietnam. This archive contains a Microsoft Compiled HTML (CHM) file named Word Document - CV - Vu PL...
In early March, MalwareHunterTeam shared a hash associated with a Linux backdoor with 0 detection in VirusTotal. It is well known that AV engines in VirusTotal do not implement the full capability ...
On November 21, 2025, MalwareHunterTeam shared an interesting sample on X, uploaded to VirusTotal from Singapore. The ZIP file in question is named China’s Governance of Rare Earths and its Globa...
On August 28, 2025, an ISO named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with very low detections: The ISO image contains 4 files, two of them hidden. servicenow-...
On July 18, 2025, an ISO image with moderate detection was uploaded to VirusTotal from Hong Kong. ISO SHA2: 6573136f9b804ddc637f6be3a4536ed0013da7a5592b2f3a3cd37c0c71926365 The ISO image has a s...
On June 30, 2025, a file named deklaracja.chm (“declaration.chm”) was uploaded to VirusTotal from Poland. The file is a Microsoft Compiled HTML Help file, a proprietary online help format which ...
Back in January 2025, I reviewed a campaign delivering Havoc Demon to targets in Bangladesh, Pakistan, and China via LNK files. While hunting for new threats this month, I came across a malicious ...
While hunting for MSI installers that typically distribute Gh0stRAT and RATs that share some of the Gh0stRAT code, such as WinOS/ValleyRAT, I came across an infection chain leading to a slightly mo...