Confucius Targets Pakistan with WooperStealer and Anondoor Malware
Summary
The threat actor Confucius has launched a new phishing campaign targeting Pakistan, deploying WooperStealer and Anondoor malware. The campaign has targeted government agencies, military organizations, defense contractors, and critical industries since at least December 2024. The attacks use spear-phishing and malicious documents to deliver malware that steals sensitive data and exfiltrates device information.
Timeline
- 02.10.2025 17:44 · 1 article
Confucius Launches Phishing Campaign Targeting Pakistan with WooperStealer and Anondoor
Confucius has been actively targeting Pakistan with a new phishing campaign since December 2024. The campaign uses spear-phishing and malicious documents to deliver WooperStealer and Anondoor malware. The attacks have employed .PPSX and .LNK files to deliver the malware via DLL side-loading techniques. The malware is designed to steal sensitive data and exfiltrate device information, demonstrating the group's adaptability and persistence.
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44
Information Snippets
- Confucius has been active since 2013, primarily targeting South Asia.
First reported: 02.10.2025 17:44 (1 source, 1 article)
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44
- The December 2024 attack used a .PPSX file to deliver WooperStealer via DLL side-loading.
First reported: 02.10.2025 17:44 (1 source, 1 article)
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44
- The March 2025 attack used .LNK files to deliver WooperStealer via DLL side-loading.
First reported: 02.10.2025 17:44 (1 source, 1 article)
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44
- The August 2025 attack used .LNK files to deliver Anondoor via DLL side-loading.
First reported: 02.10.2025 17:44 (1 source, 1 article)
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44
- Anondoor is a Python-based backdoor designed to exfiltrate device information and execute commands.
First reported: 02.10.2025 17:44 (1 source, 1 article)
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44
- Confucius employs obfuscation techniques to evade detection and adapts its toolset to align with shifting intelligence-gathering priorities.
First reported: 02.10.2025 17:44 (1 source, 1 article)
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44