Iran-linked MuddyWater Deploys MuddyViper Against Israel
🔒 ESET reports Iranian-aligned MuddyWater has deployed a previously undocumented backdoor named MuddyViper against Israeli organizations across academia, engineering, local government, manufacturing, technology, transportation, and utilities, as well as one Egyptian technology company. The intrusions began with spear-phishing PDFs and exploitation of VPN and remote-access vulnerabilities to deliver loaders called Fooder, which decrypt and execute the C/C++ backdoor or drop tunneling proxies and browser-data collectors. MuddyViper implements about 20 commands for reconnaissance, file transfer, command execution, and exfiltration of Windows credentials and browser data; several Fooder variants masquerade as the Snake game and use delayed execution to evade detection.
