LotusLite backdoor delivered via DLL sideloading
Malware Activity
Summary
The LotusLite backdoor is being delivered through malicious files and DLL sideloading, giving its operators remote access that supports espionage. The operation affects targets in India, Korea, and the US. After execution, the payload can establish shells, access files, and carry out remote tasks. The malware is also being lightly modified and disguised to reduce detection and appear legitimate.
Related Happenings
FDMTP 3.2.5.1 modular backdoor activity in Asia-Pacific and Japan
Malware Activity
First: 14.05.2026 18:00
Last: 14.05.2026 18:00
Sources 1
About this happening:
An updated **FDMTP backdoor** variant is active in a **months-long espionage operation** against **Asia-Pacific and Japan** networks, increasing the risk of stealthy remote access...
Mustang Panda Asia-Pacific and Japan CDN impersonation espionage campaign
Campaign
First: 14.05.2026 18:00
Last: 14.05.2026 18:00
Sources 1
About this happening:
A **Mustang Panda** espionage campaign used **CDN impersonation** and **DLL sideloading** to target **Asia-Pacific and Japan** networks, extending from **late September 2025 throu...
LOTUSLITE evolved backdoor activity in India banking-sector targeting
Malware Activity
First: 22.04.2026 10:58
Last: 22.04.2026 10:58
Sources 1
About this happening:
An **evolved LOTUSLITE** backdoor is now being deployed with **remote shell**, **file operations**, **session management**, and **data exfiltration** capabilities, extending an **...
Mustang Panda spear-phishing campaign targeting Indian banks and US-Korea policy circles
Campaign
First: 21.04.2026 15:00
Last: 21.04.2026 15:00
Sources 1
How related:
Square that with its most newly discovered campaign, which employs no interesting TTPs, and though partly focused against American and Korean public policy circles, is aimed largely at financial organizations in India.
About this happening:
**Mustang Panda** launched a newly identified **spear-phishing campaign** that is aimed largely at **financial organizations in India** and also reaches **US-Korea public policy c...
CRESCENTHARVEST Windows RAT and info-stealer activity
Malware Activity
First: 19.02.2026 10:13
Last: 19.02.2026 10:13
Sources 1
About this happening:
The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...
Timeline
21.04.2026 15:00 · 2 articles
Mustang Panda campaign targets Indian banks and US-Korea policy circles
Initial Disclosure
A new Mustang Panda campaign targeted India's banking sector and, in part, US-Korea policy circles. The lure chain used spear-phishing, a malicious file, DLL sideloading, and Windows Registry persistence to deliver a LotusLite backdoor variant with minor edits to evade detection. The payload was disguised as HDFC Bank software, and the same campaign also appears to have reached Korean and American targets.
- Chinese APT Targets Indian Banks, Korean Policy Circles — www.darkreading.com — 21.04.2026 15:00
- Chinese APT Targets Indian Banks, Korean Policy Circles — www.darkreading.com — 21.04.2026 15:00