Windows machines are being targeted by the new BITSLOTH backdoor, which facilitates command-and-control via the Background Intelligent Transfer Service to better evade detection, according to The Hacker News.
Deployed in an attack against a South American government's foreign ministry, the latest iteration of BITSLOTH — which is believed to have been actively developed since December 2021 — has been integrated with 35 handler functions, as well as other enumeration, command-line execution, and discovery capabilities, an analysis from Elastic Security Labs showed.
Aside from enabling screen capturing, keylogging, file uploading and downloading, and command execution, BITSLOTH also allows persistence removal or reconfiguration, system reboots or shutdowns, communication mode changes, arbitrary process termination, and self-updating or deletion from the host, said researchers. They also linked the backdoor to Chinese speakers due to its logging functions and strings, as well as its utilization of the open-source tool RingQ that had been leveraged by a Chinese threat actor.
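Because the backdoor rides on the Background Intelligent Transfer Service, the jobs it creates are visible through the same administrative surface defenders already use for Windows Update traffic. The PowerShell below is an added hunting example written for this summary, not code from The Hacker News or Elastic Security Labs, and it carries no BITSLOTH indicators because the article does not list any. It assumes the built-in BitsTransfer module, an elevated session (so `-AllUsers` can see jobs owned by other accounts), and an allowlist of update hosts that is a constructed placeholder to be tuned per estate.

```powershell
# Added defensive example (not from the article or from Elastic Security Labs).
# Flags BITS jobs that do not look like ordinary update traffic: a notification
# command line, an upload rather than a download, or a remote host that is not
# on the allowlist. Also pulls recent BITS job lifecycle events so that jobs
# already deleted by the operator still leave a trail.

# Hosts that legitimately use BITS here (constructed placeholder; tune per estate).
$TrustedHosts = @(
    '*.windowsupdate.com',
    '*.update.microsoft.com',
    '*.delivery.mp.microsoft.com'
)

function Test-TrustedHost {
    param([string]$Url)
    try { $uri = [System.Uri]$Url } catch { return $false }
    foreach ($pattern in $TrustedHosts) {
        if ($uri.Host -like $pattern) { return $true }
    }
    return $false
}

function Get-SuspiciousBitsJob {
    $findings = @()
    # -AllUsers needs elevation; it enumerates jobs owned by every account.
    foreach ($job in (Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)) {
        $reasons = @()

        # A notification command line launches a program when the job finishes.
        # Update clients rarely set it, so on its own it is worth a look.
        if ($job.NotifyCmdLine) { $reasons += "NotifyCmdLine: $($job.NotifyCmdLine)" }

        # Remote endpoints outside the allowlist.
        foreach ($file in $job.FileList) {
            if (-not (Test-TrustedHost $file.RemoteName)) {
                $reasons += "Untrusted remote: $($file.RemoteName) -> $($file.LocalName)"
            }
        }

        # Uploads move data off the host; most legitimate BITS use is download-only.
        if ($job.TransferType -ne 'Download') { $reasons += "TransferType: $($job.TransferType)" }

        if ($reasons.Count -gt 0) {
            $findings += [pscustomobject]@{
                JobId       = $job.JobId
                DisplayName = $job.DisplayName
                Owner       = $job.OwnerAccount
                State       = $job.JobState
                Created     = $job.CreationTime
                Reasons     = ($reasons -join '; ')
            }
        }
    }
    return $findings
}

function Get-RecentBitsJobEvent {
    param([int]$Hours = 24)
    # BITS client operational log: 3 = job created, 59 = transfer started,
    # 60 = transfer stopped. These survive deletion of the job itself.
    $filter = @{
        LogName   = 'Microsoft-Windows-Bits-Client/Operational'
        Id        = 3, 59, 60
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Get-SuspiciousBitsJob | Format-List
Get-RecentBitsJobEvent | Format-Table -AutoSize -Wrap
```

The allowlist approach deliberately errs toward noise: third-party updaters that use BITS will show up until their hosts are added, which is the point of running this first in audit mode. Pairing the live job list with the operational log matters because a backdoor that can remove or reconfigure its own persistence, as this one reportedly can, may have no job present at the moment you look.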