
Rifdoor

Posted: April 21, 2020

Rifdoor is one of the signature pieces of malware used by the Andariel hackers. Andariel is considered a sub-division of the infamous Lazarus group and is known mostly for long-term espionage and reconnaissance operations against South Korean targets. Rifdoor is a multi-purpose backdoor Trojan that gives its operators long-term access to the compromised host by letting them execute remote commands and load additional attack modules. In one of 2019's attack campaigns, Andariel deployed a Rifdoor variant that was signed with a certificate belonging to a renowned South Korean security software vendor.

Since Rifdoor is used in the attacks of a high-profile Advanced Persistent Threat (APT) group, it is fair to say that it is unlikely to be deployed against regular users. Instead, the Andariel hackers tend to go after high-value targets, frequently focusing on government, diplomatic, and defense contractor organizations in particular.

Although Rifdoor is one of the earliest pieces of malware associated with Andariel's activity, it is still in use today because the family receives frequent updates. It is highly unlikely that Andariel will part with Rifdoor, and it is safe to assume that this backdoor Trojan will continue to appear in the group's future attacks.
