Malware, Phishing, Threat Intelligence

Silver Fox expands Asia cyber campaign with new ABCDoor malware

May 5, 2026

By SC Staff

The Hacker News reports that the China-based cybercrime group Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.

Kaspersky reported that the campaign utilized phishing emails styled as official notices regarding tax audits, prompting users to download an archive containing a "list of tax violations." Inside the archive was a modified Rust-based loader from a public repository, which then downloaded and executed the ValleyRAT backdoor. This campaign impacted organizations across the industrial, consulting, retail, and transportation sectors, with over 1,600 phishing emails flagged between early January and early February.

A notable aspect is the delivery of a new ValleyRAT plugin functioning as a loader for ABCDoor, a previously undocumented Python-based backdoor active since at least December 19, 2024.

The attack chain begins with a phishing email containing a PDF file with links to download a ZIP or RAR archive. The executable within the archive is a modified version of RustSL, an open-source shellcode loader. This variant unpacks encrypted malicious payloads, performs geofencing and environment checks, and can establish persistence using a method called Phantom Persistence. The ultimate goal is to download the encrypted ValleyRAT malware, which handles command-and-control communications and executes additional modules, including ABCDoor for data exfiltration and remote control.
Source: The Hacker News