Kalambur (aka SUMBUR) trojanized ESET installer backdoor deployment
Malware Activity
Summary
Hide ▲
Show ▼
Kalambur (aka SUMBUR) was delivered through a trojanized ESET installer, creating a backdoor deployment that can open remote access on victim systems. The malware used Tor for command-and-control and could drop OpenSSH while enabling RDP on port 3389. That mix raises the risk of unauthorized access and sustained post-compromise control.
Related Happenings
PamDOORa Linux backdoor with persistent SSH access and credential theft
Malware Activity
H score27
First: 08.05.2026 11:41
Last: 08.05.2026 11:41
Sources 1
About this happening:
The **PamDOORa** backdoor has been disclosed as a **PAM-based Linux implant** that can create **persistent SSH access** and steal credentials, raising post-compromise risk on **Li...
PamDOORa Linux backdoor with persistent SSH access and credential theft
Malware ActivityAbout this happening: The **PamDOORa** backdoor has been disclosed as a **PAM-based Linux implant** that can create **persistent SSH access** and steal credentials, raising post-compromise risk on **Li...
InedibleOchotense spear phishing campaign impersonating ESET
Campaign
H score33
First: 07.11.2025 14:20
Last: 07.11.2025 14:20
Sources 1
About this happening:
The **InedibleOchotense** spear phishing campaign impersonating **ESET** delivered a **trojanized installer** and **Kalambur backdoor**, creating a direct infection risk for targe...
InedibleOchotense spear phishing campaign impersonating ESET
CampaignAbout this happening: The **InedibleOchotense** spear phishing campaign impersonating **ESET** delivered a **trojanized installer** and **Kalambur backdoor**, creating a direct infection risk for targe...
InedibleOchotense ESET-impersonation phishing campaign with trojanized installers
Campaign
H score32
First: 06.11.2025 17:31
Last: 06.11.2025 17:31
Sources 1
How related:
"InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link to a trojanized ESET installer, to multiple Ukrainian entities," ESET said in its APT Activity Report Q2 2025–Q3 2025 shared with The Hacker News.
About this happening:
A **Russia-aligned** campaign by **InedibleOchotense** sent **ESET-branded spear-phishing** lures to **multiple Ukrainian entities**, creating a malware-delivery risk. The operati...
InedibleOchotense ESET-impersonation phishing campaign with trojanized installers
CampaignHow related: "InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link to a trojanized ESET installer, to multiple Ukrainian entities," ESET said in its APT Activity Report Q2 2025–Q3 2025 shared with The Hacker News.
About this happening: A **Russia-aligned** campaign by **InedibleOchotense** sent **ESET-branded spear-phishing** lures to **multiple Ukrainian entities**, creating a malware-delivery risk. The operati...
Kimsuky HttpTroy backdoor activity against South Korean users
Malware Activity
H score23
First: 05.11.2025 04:00
Last: 05.11.2025 04:00
Sources 1
About this happening:
**Kimsuky** has been tied to fresh **March and April 2026** campaigns against **South Korean military and corporate entities**, using **fake security-software pages** and a **coun...
Kimsuky HttpTroy backdoor activity against South Korean users
Malware ActivityAbout this happening: **Kimsuky** has been tied to fresh **March and April 2026** campaigns against **South Korean military and corporate entities**, using **fake security-software pages** and a **coun...
BeaverTail and OtterCookie malware evolution in Contagious Interview
Malware Activity
H score31
First: 17.10.2025 16:33
Last: 17.10.2025 16:33
Sources 1
About this happening:
**Contagious Interview** malware activity tied to **North Korean threat actors** continues to evolve its delivery chain. A recent report says the operators used **recruitment- and...
BeaverTail and OtterCookie malware evolution in Contagious Interview
Malware ActivityAbout this happening: **Contagious Interview** malware activity tied to **North Korean threat actors** continues to evolve its delivery chain. A recent report says the operators used **recruitment- and...
Timeline
-
06.11.2025 17:31 2 articles · 8mo ago
Kalambur (aka SUMBUR) trojanized ESET installer backdoor deployment
Initial DisclosureIn **May 2025**, the malicious installer paired the legitimate **ESET AV Remover** with **Kalambur (aka SUMBUR)**. The first-stage payload established covert control through **Tor** before adding remote-access capabilities.
Show sources
- Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine — thehackernews.com — 06.11.2025 17:31
- Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine — thehackernews.com — 06.11.2025 17:31