DRILLAPP JavaScript backdoor through Microsoft Edge
Malware Activity
Summary
Observed in February 2026, the DRILLAPP backdoor now runs through Microsoft Edge, giving it file access plus access to the microphone, webcam, and screen capture functions that can support covert surveillance. The malware uses browser debugging features to bypass normal safety controls and reach local files and remote payloads. It also relies on Pastefy for payload retrieval and command-and-control plumbing. Later variants expanded the tool with recursive file enumeration and batch uploads.
Related Happenings
Webworm EchoCreep and GraphWorm backdoor expansion
Malware Activity
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...
DEEP#DOOR Python backdoor framework
Malware Activity
First: 30.04.2026 15:36
Last: 30.04.2026 15:36
Sources 1
About this happening:
**DEEP#DOOR** is a newly disclosed **Python-based backdoor framework** that can keep **persistent access** to compromised Windows hosts while stealing browser, SSH, and cloud cred...
LofyGang Minecraft LofyStealer campaign
Campaign
First: 28.04.2026 20:39
Last: 28.04.2026 20:39
Sources 1
About this happening:
The **LofyGang** crew has re-emerged with a **Minecraft-player targeting** operation that uses **LofyStealer (GrabBot)**, increasing the risk of **credential and payment-data thef...
GopherWhisper Go-based malware toolkit with Slack, Discord, and Outlook C2
Malware Activity
First: 23.04.2026 15:06
Last: 23.04.2026 15:06
Sources 1
About this happening:
The **GopherWhisper** malware set now combines **Go-based backdoors** and **exfiltration tools** that abuse **Slack**, **Discord**, **Microsoft 365 Outlook**, and **Microsoft Grap...
GoGra Linux backdoor uses Microsoft Graph API and Outlook for covert command delivery
Malware Activity
First: 22.04.2026 13:00
Last: 22.04.2026 13:00
Sources 1
About this happening:
The **GoGra** malware family now includes a **Linux backdoor variant** that uses **Microsoft Graph API** and an **Outlook inbox** for covert command delivery, making operator comm...
Timeline
- 16.03.2026 11:07 · 2 articles · 2mo ago
DRILLAPP JavaScript backdoor through Microsoft Edge
Initial Disclosure: In the first observed phase, a **Windows LNK** file creates an **HTA** in the temporary folder and pulls a remote script from **Pastefy**. The shortcut is also copied into the **Windows Startup** folder, giving the backdoor persistence after reboot.
- DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage — thehackernews.com — 16.03.2026 11:07