Kalambur (aka SUMBUR) trojanized ESET installer backdoor deployment
Malware Activity
Summary
Kalambur (aka SUMBUR) was delivered through a trojanized ESET installer, creating a backdoor deployment that can open remote access on victim systems. The malware used Tor for command-and-control and could drop OpenSSH while enabling RDP on port 3389. That mix raises the risk of unauthorized access and sustained post-compromise control.
Related Happenings
PamDOORa Linux backdoor with persistent SSH access and credential theft
Malware Activity
First: 08.05.2026 11:41
Last: 08.05.2026 11:41
Sources 1
About this happening:
The **PamDOORa** backdoor has been disclosed as a **PAM-based Linux implant** that can create **persistent SSH access** and steal credentials, raising post-compromise risk on **Li...
InedibleOchotense spear phishing campaign impersonating ESET
Campaign
First: 07.11.2025 14:20
Last: 07.11.2025 14:20
Sources 1
About this happening:
The **InedibleOchotense** spear phishing campaign impersonating **ESET** delivered a **trojanized installer** and **Kalambur backdoor**, creating a direct infection risk for targe...
InedibleOchotense ESET-impersonation phishing campaign with trojanized installers
Campaign
First: 06.11.2025 17:31
Last: 06.11.2025 17:31
Sources 1
How related:
"InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link to a trojanized ESET installer, to multiple Ukrainian entities," ESET said in its APT Activity Report Q2 2025–Q3 2025 shared with The Hacker News.
About this happening:
A **Russia-aligned** campaign by **InedibleOchotense** sent **ESET-branded spear-phishing** lures to **multiple Ukrainian entities**, creating a malware-delivery risk. The operati...
Kimsuky HttpTroy backdoor activity against South Korean users
Malware Activity
First: 05.11.2025 04:00
Last: 05.11.2025 04:00
Sources 1
About this happening:
**Kimsuky** has deployed the **HttpTroy** backdoor against **South Korean users**, expanding a multi-stage infection chain that is designed to evade detection. The malware gives o...
BeaverTail and OtterCookie malware evolution in Contagious Interview
Malware Activity
First: 17.10.2025 16:33
Last: 17.10.2025 16:33
Sources 1
About this happening:
**Contagious Interview** malware activity tied to **North Korean threat actors** continues to evolve its npm-based delivery chain. A recent wave added **197 malicious npm packages...
Timeline
06.11.2025 17:31 2 articles · 6mo ago
Kalambur (aka SUMBUR) trojanized ESET installer backdoor deployment
Initial Disclosure
In **May 2025**, the malicious installer paired the legitimate **ESET AV Remover** with **Kalambur (aka SUMBUR)**. The first-stage payload established covert control through **Tor** before adding remote-access capabilities.
Sources:
- Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine — thehackernews.com — 06.11.2025 17:31