Curious Serpens' Backdoor: Technical Analysis, Detection and Prevention
released on 2024-03-21 @ 11:02:31 AM
This report provides a technical analysis of FalseFont, a backdoor used by the suspected Iranian threat actor Curious Serpens to target aerospace and defense sectors. The malware disguises itself as job recruitment software to trick victims into installing it. Analysis focuses on FalseFont's architecture, functionality, command and control, and credential theft capabilities. The report also discusses detection and prevention controls.