Find notable cyber news and cases, enriched with sources, timelines, and signals.

NosyDoor backdoor activity using OneDrive and Google Drive C&C

Malware Activity
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The NosyDoor backdoor is being used to exfiltrate files and run shell commands inside compromised networks, making the LongNosedGoblin toolset more dangerous. The malware uses Microsoft OneDrive as C&C, while related tools also rely on Google Drive. The activity is tied to a broader espionage operation against governmental entities in Southeast Asia and Japan.

Related Happenings

GigaWiper / BLUERABBIT destructive Windows backdoor activity

Malware Activity
H score31 First: 09.07.2026 21:08 Last: 09.07.2026 21:08 Sources 1

About this happening: The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...

Amadey and StealC shared-infrastructure malware activity

Malware Activity
H score66 First: 24.06.2026 18:02 Last: 24.06.2026 18:02 Sources 1

About this happening: The **Amadey** loader and **StealC** infostealer are being linked through shared **C&C infrastructure**, making the pair easier to coordinate and disrupt. **Amadey** helps attacke...

USB-spreading clipboard-stealing malware targeting cryptocurrency wallets

Malware Activity
H score27 First: 18.06.2026 19:20 Last: 18.06.2026 19:20 Sources 1

About this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

AI-built ransomware toolkit with AD discovery and EDR evasion

Malware Activity
H score36 First: 02.06.2026 23:01 Last: 02.06.2026 23:01 Sources 1

About this happening: A **customer-detected** AI-built ransomware toolkit is automating **Active Directory discovery** and **EDR evasion**, increasing the chance that payloads slip past security contro...

Timeline

  1. 18.12.2025 19:34 2 articles · 6mo ago

    ESET discloses NosyDoor backdoor activity targeting government networks

    Initial Disclosure

    ESET disclosed LongNosedGoblin activity targeting governmental entities in Southeast Asia and Japan, describing NosyDoor as a backdoor that uses Microsoft OneDrive as C&C to exfiltrate files, delete files, and execute shell commands. The same toolset also included NosyHistorian, NosyStealer, NosyDownloader, and NosyLogger, and later analysis found a NosyDoor variant using Yandex Disk as C&C.

    Show sources