APT41 Delivers ‘Undetectable’ Backdoor to Steal Cloud Credentials
The China-backed threat group APT41 is using a ‘zero-detection’ backdoor to target cloud environments such as AWS, Google, Azure, and Alibaba, with the aim of harvesting credentials. The malware is delivered as an ELF binary, relies on typosquatting, and uses SMTP port 25 for covert command-and-control (C2), which makes its activity exceptionally difficult to detect.
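One defensive check that follows from the C2 channel described above is to flag outbound TCP/25 connections from cloud workloads that have no business speaking SMTP. The following is an added example, not code from the article or from any vendor report; the flow-log format, the sample records and the `MAIL_RELAYS` allowlist are all constructed for illustration.

```python
"""Flag unexpected outbound SMTP (TCP/25) egress from cloud workloads.

Added example, not taken from the original article. The records below are
constructed to resemble simplified flow-log lines (src dst dport proto action),
and MAIL_RELAYS is a hypothetical allowlist a defender would maintain.
"""
from collections import defaultdict

# Constructed sample records: src_ip dst_ip dst_port protocol action
SAMPLE_FLOW_LOGS = """\
10.0.1.15 203.0.113.9 443 TCP ACCEPT
10.0.1.15 198.51.100.42 25 TCP ACCEPT
10.0.1.15 198.51.100.42 25 TCP ACCEPT
10.0.1.15 198.51.100.42 25 TCP ACCEPT
10.0.2.7 192.0.2.10 25 TCP ACCEPT
10.0.1.15 198.51.100.42 25 TCP ACCEPT
10.0.3.99 203.0.113.9 443 TCP ACCEPT
10.0.2.7 192.0.2.10 25 TCP ACCEPT
10.0.1.15 203.0.113.44 25 UDP ACCEPT
"""

# Hypothetical allowlist: hosts that legitimately originate SMTP traffic.
MAIL_RELAYS = {"10.0.2.7"}


def parse_flow_line(line):
    """Parse one constructed flow-log line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    src, dst, dport, proto, action = parts
    try:
        dport = int(dport)
    except ValueError:
        return None
    return {
        "src": src,
        "dst": dst,
        "dport": dport,
        "proto": proto.upper(),
        "action": action.upper(),
    }


def find_suspect_smtp_egress(log_text, relays=MAIL_RELAYS, min_hits=1):
    """Return accepted TCP/25 egress from non-relay hosts, grouped per (src, dst).

    Each finding carries a connection count so that repeated contact with the
    same destination (a beaconing pattern) sorts to the top.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_flow_line(line)
        if rec is None:
            continue
        # Only accepted TCP connections to port 25 are of interest here.
        if rec["proto"] != "TCP" or rec["dport"] != 25 or rec["action"] != "ACCEPT":
            continue
        # Known mail relays are expected to talk SMTP; skip them.
        if rec["src"] in relays:
            continue
        hits[rec["src"]][rec["dst"]] += 1

    findings = []
    for src, dsts in hits.items():
        for dst, count in dsts.items():
            if count >= min_hits:
                findings.append({"src": src, "dst": dst, "connections": count})
    # Most frequent pairs first; ties broken by address for stable output.
    findings.sort(key=lambda f: (-f["connections"], f["src"], f["dst"]))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_smtp_egress(SAMPLE_FLOW_LOGS):
        print(f"{finding['src']} -> {finding['dst']}:25 "
              f"({finding['connections']} accepted connections)")
```

Run against real flow logs, the allowlist should contain only hosts that are documented mail relays; several cloud providers restrict outbound port 25 from ordinary workloads by default, so an accepted TCP/25 flow from any other host is worth investigating regardless of volume.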