The OldGremlin Ransomware Gang Seeks Victims with the TinyFluff Backdoor

Advanced Persistent Threat (APT) actors are not always highly active. Some prefer a small number of carefully targeted attacks that can yield immense returns if executed successfully. This is exactly the strategy the hackers known as OldGremlin rely on. They have previously been involved in several ransomware attacks, typically carried out against businesses and enterprises based in Russia, but the frequency of their attacks is very low: only five were carried out in 2021. Furthermore, the group had been silent for nearly a year, until now.

Recently, malware experts came across a new backdoor Trojan that has been dubbed the TinyFluff Backdoor. It shares similarities with previous backdoors used by the OldGremlin hackers, and it also reuses some of the network infrastructure that OldGremlin had relied on previously.

The targets of the TinyFluff Backdoor are once again Russian financial institutions. The criminals are taking advantage of current events, sending out phishing emails that claim to contain information about the current financial sanctions against Russian companies and citizens. Recipients are urged to download and review an email attachment, which is hosted on a public file-hosting service such as Dropbox. The download, however, conceals malicious code meant to deploy the TinyFluff Backdoor.

Once active, the backdoor gives the attackers full access to the infected device. It collects data about the system, its hardware and its software, and the criminals can send remote commands, introduce additional plugins and more. Surprisingly, the TinyFluff Backdoor has not yet been used in combination with OldGremlin's signature ransomware payloads; however, this is probably just a matter of time.

April 15, 2022
