
Stitch Backdoor

Posted: August 12, 2020

The Stitch Backdoor is a project written in the Python programming language. Its full, original source code is published on GitHub, together with instructions on how to build and use it. The author states that the project is intended for use in a controlled environment for penetration testing and malware behavior analysis; unsurprisingly, this disclaimer does nothing to stop cybercriminals from appropriating the project and modifying it to suit their own needs. Both low-profile and high-profile cybercriminals have been spotted using the Stitch Backdoor in the past few years, and, unfortunately, this threat's activity levels continue to grow in 2020.

The Holy Water APT Employed the Stitch Backdoor in Attacks against Ethnic Groups in Asia

One of the most infamous threat actors to use the Stitch Backdoor is the Holy Water APT (Advanced Persistent Threat) group. The version of the Stitch Backdoor used by the Holy Water APT hackers has been slightly modified with additional features on top of the original ones: their variant can update itself automatically and gains persistence by setting up a fake 'AdobeUpdater' Scheduled Task. Another noteworthy change in Holy Water's variant of the Stitch Backdoor is that it downloads a legitimate Adobe Flash installer from the control server, which may mean that the software is being propagated as a fake Adobe Flash Player installer or updater.
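As an added example (not code from this page or from the Stitch project), the following Python helper triages exported Task Scheduler XML for the persistence pattern described above: a task named after Adobe whose action runs from outside Adobe's install directories. The task names, file paths and the list of expected Adobe directories are assumptions used to build the constructed samples.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Namespace of Task Scheduler XML exports (schtasks /query /tn <name> /xml).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Assumption: a genuine Adobe updater lives under one of these directories.
EXPECTED_ADOBE_DIRS = (
    PureWindowsPath(r"C:\Program Files\Adobe"),
    PureWindowsPath(r"C:\Program Files (x86)\Adobe"),
    PureWindowsPath(r"C:\Program Files\Common Files\Adobe"),
    PureWindowsPath(r"C:\Program Files (x86)\Common Files\Adobe"),
)

def _is_under(path: PureWindowsPath, directory: PureWindowsPath) -> bool:
    """Case-insensitive check that `path` lies inside `directory`, by component."""
    p = [part.lower() for part in path.parts]
    d = [part.lower() for part in directory.parts]
    return p[: len(d)] == d

def triage_task(task_xml: str) -> dict:
    """Flag the pattern described above: an Adobe-sounding task whose
    executable runs from outside Adobe's install directories."""
    root = ET.fromstring(task_xml)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    commands = [e.text or "" for e in root.findall("t:Actions/t:Exec/t:Command", NS)]
    findings = []
    if "adobe" in uri.lower():
        for cmd in commands:
            exe = PureWindowsPath(cmd.strip().strip('"'))  # drop surrounding quotes
            if not any(_is_under(exe, d) for d in EXPECTED_ADOBE_DIRS):
                findings.append(f"{uri}: Adobe-named task runs {exe} outside Adobe dirs")
    return {"task": uri, "commands": commands, "findings": findings}

# Constructed samples (not real exports): a fake-updater task and a benign one.
SUSPICIOUS_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\AdobeUpdater</URI></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\victim\AppData\Roaming\AdobeUpdater.exe</Command>
  </Exec></Actions>
</Task>"""

BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Adobe Acrobat Update Task</URI></RegistrationInfo>
  <Actions Context="Author"><Exec>
    <Command>"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"</Command>
  </Exec></Actions>
</Task>"""
```

Real exports are UTF-16 encoded, so read the file as bytes and pass them to `ET.fromstring` (which honours the XML declaration) rather than decoding by hand.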

Of course, while cybercriminals may extend the functionality of the Stitch Backdoor, it is important to mention the core features of this implant. According to the official project page, the Stitch Backdoor has the following abilities:

  • Keylogger module.
  • Modify the Windows 'hosts' file.
  • Turn monitors on and off.
  • Modify, delete and hide files or directories.
  • File upload & download.
  • Grab screenshots.
  • Send remote commands.
  • Initialize more payloads.
  • Display fake password prompts.
  • Collect files used by Web browsers like Google Chrome.
  • Enable/disable Windows Services.
  • Use the webcam or microphone (if available).
  • Compatibility with OSX and Linux.

Despite being open-source, the Stitch Backdoor is still a very advanced project that many cybercriminals use. It is best to protect your systems from a possible attack by using an up-to-date anti-malware solution and a firewall. On top of these security measures, you should also learn to browse the Web more safely by avoiding suspicious websites and files.
