MuddyWater targets Israel with new Fooder and MuddyViper
🛡️ ESET researchers identified a MuddyWater campaign running from 30 September 2024 to 18 March 2025 that primarily targeted organizations in Israel and one confirmed technology victim in Egypt. Operators deployed newly observed custom tools — a reflective loader called Fooder and a C/C++ backdoor named MuddyViper — and abused RMM installers and reverse tunnels. The malware uses Windows CNG for AES-CBC encryption and communicates over HTTPS; operators deliberately minimized hands-on-keyboard activity to hinder detection.
