FireWood backdoor new variant with updated implementation and configuration
Malware Activity
Summary
A new FireWood backdoor variant was identified, bringing implementation and configuration changes that may affect how the malware hides activity and accepts commands. The backdoor is associated with Gelsemium with low confidence, and its behavior still centers on a rootkit-based hiding module. The update matters because it shows a long-running backdoor family continuing to evolve while preserving stealth-oriented functionality.
Timeline
15.08.2025 19:20 · 1 article · 9 months ago
FireWood new variant disclosed
Technical Analysis Update: Intezer disclosed a new FireWood variant, attributed to Gelsemium with low confidence, and stated that the backdoor's core functionality remained the same while its implementation and configuration changed. The FireWood family had previously been documented by ESET in November 2024 as using the usbdev.ko kernel driver rootkit module to hide processes and run attacker commands.
Sources
- Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools — thehackernews.com — 15.08.2025 19:20