Security News

Cybersecurity news aggregator

HIGH | Attacks | SC Media

GoGra backdoor targets Linux, abuses Microsoft Graph API for stealthy attacks

The GoGra backdoor is a Linux-targeting malware deployed by the Harvester group that abuses the Microsoft Graph API for command and control. After establishing persistence via systemd, it reads encrypted commands from a specific Outlook mailbox folder, executes them locally, and exfiltrates results via reply emails, deleting the originals to evade detection. This sophisticated, state-sponsored threat primarily targets telecommunications, government, and IT organizations in South Asia.
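As an added example, not code from SC Media, Symantec or Bleeping Computer: a small Python triage script for the two persistence mechanisms the article attributes to the Linux GoGra variant, XDG autostart entries and systemd user units, that flags any entry whose startup program carries a .pdf name but begins with the ELF magic bytes. The fixture directory, unit names and file names are constructed for the demonstration; the page gives no real paths or unit names for the malware.

```python
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
# Persistence locations the article names: XDG autostart entries and systemd user units.
PERSISTENCE = [
    (".config/autostart", "*.desktop", "Exec="),
    (".config/systemd/user", "*.service", "ExecStart="),
]

def is_elf_masquerading(path: Path) -> bool:
    """True when a file carries a .pdf name but begins with the ELF magic bytes."""
    if path.suffix.lower() != ".pdf" or not path.is_file():
        return False
    with path.open("rb") as fh:
        return fh.read(4) == ELF_MAGIC

def exec_target(unit_text: str, key: str):
    """Program on the first `key` line: first token, systemd's '-'/'@' prefixes stripped."""
    for line in unit_text.splitlines():
        if line.startswith(key):
            tokens = line[len(key):].split()
            return Path(tokens[0].lstrip("-@")) if tokens else None
    return None

def find_suspicious_persistence(home: Path) -> list:
    """(unit file name, program) pairs whose startup program is an ELF under a .pdf name."""
    hits = []
    for subdir, pattern, key in PERSISTENCE:
        for unit in sorted((home / subdir).glob(pattern)):
            exe = exec_target(unit.read_text(errors="replace"), key)
            if exe is not None and is_elf_masquerading(exe):
                hits.append((unit.name, str(exe)))
    return hits

def build_demo_home() -> Path:
    """Constructed fixture (hypothetical names): one benign and two suspicious entries."""
    home = Path(tempfile.mkdtemp(prefix="gogra-demo-"))
    auto = home / ".config" / "autostart"
    auto.mkdir(parents=True)
    fake = home / "report.pdf"  # ELF header bytes stored under a .pdf name
    fake.write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)
    (auto / "update.desktop").write_text(f"[Desktop Entry]\nType=Application\nExec={fake}\n")
    (auto / "viewer.desktop").write_text("[Desktop Entry]\nExec=/usr/bin/evince %f\n")
    units = home / ".config" / "systemd" / "user"
    units.mkdir(parents=True)
    (units / "sync.service").write_text(f"[Service]\nExecStart=-{fake} --daemon\n")
    return home
```

On a real host, call find_suspicious_persistence(Path.home()) for each interactive user; system-wide units under /etc/systemd need a separate pass with root.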

Data Security, Malware, Threat Intelligence

April 23, 2026 | By SC Staff

A new Linux variant of the GoGra backdoor, developed by the espionage group Harvester, is employing legitimate Microsoft infrastructure to deliver payloads stealthily through an Outlook inbox. This sophisticated malware leverages the Microsoft Graph API to access mailbox data, making it highly evasive, as reported by Bleeping Computer.

The Harvester group, believed to be state-sponsored, has been active since at least 2021, targeting telecommunications, government, and IT organizations in South Asia with custom tools.

The Linux GoGra backdoor, analyzed by Symantec, is distributed via ELF binaries disguised as PDF files. After gaining initial access, it establishes persistence using systemd and an XDG autostart entry. The malware then queries a specific Outlook mailbox folder for emails with subject lines starting with "Input." It decrypts the malicious content in the emails, executes commands locally, and sends encrypted results back via reply emails, deleting the original command email to evade detection.

The Linux variant shares a near-identical codebase with its Windows counterpart, indicating a single developer and the Harvester group's involvement.

Source: Bleeping Computer

Related

Data Security: Apple patches iPhone notification bug after reports of deleted data recovery (SC Staff, April 23, 2026). The vulnerability, identified as CVE-2026-28950, was patched on April 22, 2026, in iOS 26.4.2 and iPadOS 26.4.2, as well as in iOS 18.7.8 and iPadOS 18.7.8.
Data Security: Agoda refutes claims of massive data breach (SC Staff, April 22, 2026). Asia-centric booking platform Agoda has denied the alleged theft of 82 million records from its systems just a week after its parent firm Booking Holdings disclosed having been subjected to a Booking.com data breach that exposed user reservation details, according to Cybernews.

Breach: Almost 600K reportedly impacted by separate US healthcare breaches (SC Staff, April 22, 2026). Three healthcare providers across the U.S. were noted by the Department of Health and Human Services' breach tracker to have been impacted by separate cyberattacks last year, which have collectively compromised data from about 600,000 individuals, SecurityWeek reports.
