DinDoor Backdoor Uses Deno Runtime and MSI Installers to Evade Detection
Severity: High (Score: 64.5)
Sources: Cybersecuritynews, Gbhackers
Summary
A newly identified backdoor, DinDoor, exploits the Deno JavaScript runtime and MSI installer files to execute malicious code while avoiding detection. This malware is associated with the Tsundere Botnet and leverages trusted environments to deploy fileless or low-footprint attacks in enterprise systems. By utilizing legitimate software components, DinDoor complicates traditional security measures, making it difficult for defenders to identify and mitigate the threat. The backdoor's stealthy nature allows it to infiltrate systems without raising alarms, posing a significant risk to organizations relying on these technologies. Current reports indicate that DinDoor is actively being used in targeted attacks, although specific numbers of affected systems remain undisclosed. Security professionals are urged to enhance their monitoring and detection capabilities to counter this emerging threat.
Key Points
- DinDoor exploits the Deno runtime and MSI installers to deploy malware stealthily.
- The backdoor is linked to the Tsundere Botnet, complicating detection efforts.
- Organizations using Deno or MSI installers are particularly vulnerable to this threat.
Key Entities
- Malware (attack_type)
- DinDoor (malware)
- Tsundere Botnet (malware)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- Windows (platform)
- Deno (tool)
- MSI Installer (tool)