Find notable cyber news and cases, enriched with sources, timelines, and signals.

DRILLAPP JavaScript backdoor through Microsoft Edge

Malware Activity
First reported
Last updated
Happening score
H score 24
1 unique sources, 1 articles

Summary

Hide ▲

Observed in February 2026, the DRILLAPP backdoor now runs through Microsoft Edge, giving it file access plus access to the microphone, webcam, and screen capture functions that can support covert surveillance. The malware uses browser debugging features to bypass normal safety controls and reach local files and remote payloads. It also relies on Pastefy for payload retrieval and command-and-control plumbing. Later variants expanded the tool with recursive file enumeration and batch uploads.

Related Happenings

GigaWiper / BLUERABBIT destructive Windows backdoor activity

Malware Activity
H score31 First: 09.07.2026 21:08 Last: 09.07.2026 21:08 Sources 1

About this happening: The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Mistic backdoor deployment via ClickFix and DLL side-loading

Malware Activity
H score22 First: 25.06.2026 11:54 Last: 25.06.2026 11:54 Sources 1

About this happening: The **Mistic** backdoor is being used in **financially motivated attacks** against organizations across **insurance, education, IT, and professional services**, raising the risk o...

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
H score23 First: 24.06.2026 23:58 Last: 24.06.2026 23:58 Sources 1

About this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...

Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw

Vulnerability
H score33 First: 22.06.2026 20:28 Last: 22.06.2026 20:28 Sources 1

About this happening: Microsoft’s **AutoJack** chain exposed **AutoGen Studio** to **arbitrary command execution** for developers building from the main GitHub branch before the hardening commit.

Timeline

  1. 16.03.2026 11:07 2 articles · 3mo ago

    DRILLAPP JavaScript backdoor through Microsoft Edge

    Initial Disclosure

    In the first observed phase, a **Windows LNK** file creates an **HTA** in the temporary folder and pulls a remote script from **Pastefy**. The shortcut is also copied into the **Windows Startup** folder, giving the backdoor persistence after reboot.

    Show sources