How to Remove DOUBLEBACK
DOUBLEBACK is a backdoor developed and used by a threat actor that Mandiant tracks as UNC2529 (the UNC prefix marks an uncategorized group that has not yet been attributed to a known actor). The group ran a large-scale phishing campaign in December 2020 against a long list of companies and organizations around the world. Most of the targets were in the United States; a smaller number were in Europe, Asia, Australia, and Africa.
DOUBLEBACK is the final stage of a multi-stage attack chain built from three newly identified malware families: the DOUBLEDRAG downloader (an obfuscated JavaScript file), the DOUBLEDROP dropper (an obfuscated PowerShell script), and the DOUBLEBACK backdoor that is the subject of this post.
What sets DOUBLEBACK apart is that it runs fileless: the backdoor lives in memory, and the few artifacts it leaves behind sit in the Windows Registry rather than in files on disk. That gives malware researchers and automated analysis tools less to work with, and it means a scanner that only looks at files can miss it entirely. Security products that scan process memory, log PowerShell and script-host activity, and inspect registry persistence entries can still detect and block fileless malware like DOUBLEBACK; when responding to an infection, those are the places to look.
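The registry residue described above is the main trace a responder can look for when a backdoor runs fileless. The following is an added example written for this page; it is not code from the original article or from Mandiant's UNC2529 research. It parses a Windows registry export (.reg text) offline and flags two generic patterns that registry-resident loaders tend to leave: an autostart value that launches a script host with loader-style switches (encoded command, hidden window, no profile), and a value whose data is an unusually long opaque base64/hex or binary blob where a payload could be parked. The key paths, value names, sample data and the 1024-byte threshold are assumptions made up for the demo, not published DOUBLEBACK indicators.

```python
import base64
import re
from dataclasses import dataclass

# Logon autostart keys to check; an assumption for the demo, not a DOUBLEBACK indicator.
AUTOSTART_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)
SCRIPT_HOSTS = ("powershell", "pwsh", "wscript", "cscript", "mshta", "rundll32", "regsvr32")
# Loader-style switches: encoded command, hidden window, no profile, in-memory evaluation.
LOADER_ARGS = re.compile(
    r"(?i)(-(?:e|ec|enc|encodedcommand)\b|-w(?:indowstyle)?\s+hidden|-nop\b|-noprofile\b"
    r"|\biex\b|invoke-expression|frombase64string|downloadstring)"
)
BLOB_THRESHOLD = 1024  # bytes/chars of opaque data before a value is flagged (demo choice)


@dataclass
class Finding:
    key: str
    value: str
    reason: str


def _unescape(s):
    """Undo .reg string escaping: a backslash escapes the next character."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Yield (key, value_name, kind, data) from a .reg text export.

    Supports "..." (REG_SZ), dword:, hex: (REG_BINARY), hex(2): (REG_EXPAND_SZ)
    and hex(7): (REG_MULTI_SZ). Hex data continued over lines ending in a
    backslash is joined. Other forms are skipped."""
    lines = text.replace("\r\n", "\n").split("\n")
    key = None
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$', line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(2) else _unescape(m.group(1))
        data = m.group(3)
        while data.endswith("\\") and i < len(lines):  # hex continuation lines
            data = data[:-1] + lines[i].strip()
            i += 1
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            yield key, name, "REG_SZ", _unescape(data[1:-1])
        elif data.startswith("dword:"):
            yield key, name, "REG_DWORD", int(data[6:], 16)
        elif data.startswith("hex"):
            raw = bytes.fromhex(data.split(":", 1)[1].replace(",", ""))
            if data.startswith(("hex(2):", "hex(7):")):
                kind = "REG_EXPAND_SZ" if data.startswith("hex(2):") else "REG_MULTI_SZ"
                yield key, name, kind, raw.decode("utf-16-le", "replace").replace("\x00", " ").strip()
            else:
                yield key, name, "REG_BINARY", raw


def decode_encoded_command(cmdline):
    """Return the decoded PowerShell -EncodedCommand payload (UTF-16LE base64), else None."""
    m = re.search(r"(?i)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def looks_like_blob(s):
    """True for a long run of base64/hex characters, i.e. opaque parked data."""
    compact = re.sub(r"\s", "", s)
    return len(compact) >= BLOB_THRESHOLD and re.fullmatch(r"[A-Za-z0-9+/=]+", compact) is not None


def triage(reg_text):
    """Run both checks over every value in the export and return the findings."""
    findings = []
    for key, name, kind, data in parse_reg_export(reg_text):
        if kind == "REG_BINARY":
            if len(data) >= BLOB_THRESHOLD:
                findings.append(Finding(key, name, f"{kind} holds {len(data)} bytes of opaque data"))
            continue
        if kind == "REG_DWORD":
            continue
        low = data.lower()
        autostart = any(key.lower().endswith(k.lower()) for k in AUTOSTART_KEYS)
        if autostart and any(h in low for h in SCRIPT_HOSTS) and LOADER_ARGS.search(data):
            reason = "autostart value runs a script host with loader-style arguments"
            decoded = decode_encoded_command(data)
            if decoded is not None:
                reason += f"; decoded command: {decoded!r}"
            findings.append(Finding(key, name, reason))
        elif looks_like_blob(data):
            findings.append(Finding(key, name, f"{kind} holds {len(data)} chars of opaque base64/hex"))
    return findings


# Constructed sample export (not real telemetry): a benign autostart entry, a PowerShell
# loader entry, and a second key parking an encoded string plus a binary blob.
_ENC = base64.b64encode("Write-Host 'demo'".encode("utf-16-le")).decode()
_BLOB = bytes(range(256)) * 5  # 1280 bytes, above BLOB_THRESHOLD
_hex = [f"{b:02x}" for b in _BLOB]
_HEX_LINES = ",\\\n  ".join(",".join(_hex[i:i + 25]) for i in range(0, len(_hex), 25))
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"OneDrive"="\\"C:\\\\Users\\\\alice\\\\OneDrive.exe\\" /background"\n'
    '"Updater"="powershell.exe -nop -w hidden -enc ' + _ENC + '"\n\n'
    "[HKEY_CURRENT_USER\\Software\\Contoso\\Cache]\n"
    '"Stage"="' + "QUJD" * 600 + '"\n'
    '"Blob"=hex:' + _HEX_LINES + "\n"
    '"Version"=dword:00000002\n'
)

if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        print(f"{f.key}\\{f.value}: {f.reason}")
```

To run it against a real host, export a hive with `reg export HKCU\Software hkcu.reg` and read the file with `encoding="utf-16"` (regedit and reg.exe write UTF-16 with a BOM). Keep the scope to user software hives and autostart keys: class registrations and Explorer state legitimately hold large binary values, so the blob check produces noise across a full HKLM export. A hit from either check is a lead to pull the process's memory and PowerShell script-block logs, not proof of compromise on its own.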
DOUBLEBACK was delivered to targeted networks with the help of the two malware families named above. The chain began with phishing emails that urged the recipient to download and review a file attachment. The lure files were usually taken from public websites associated with the target's industry, which made recipients less likely to suspect foul play.
Not enough data has been collected yet to determine the ultimate goal of the operators behind DOUBLEBACK. Judging by the tooling they use (a backdoor delivered through a staged downloader and dropper), data theft and espionage are the most likely priorities.