BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Harvester Deploys New Linux Backdoor in Espionage

Harvester deploys new Linux GoGra backdoor targeting South Asia via Microsoft Graph API

  • The cyber-espionage group Harvester has deployed a new Linux variant of its GoGra backdoor in attacks likely targeting South Asia.
  • This malware abuses Microsoft’s legitimate Graph API and Outlook mailboxes as a covert command-and-control channel, bypassing traditional defenses.
  • The attack chain begins with social engineering, tricking users into opening malicious ELF binaries disguised as PDF documents.
  • Artifacts uploaded to VirusTotal from India and Afghanistan suggest these countries are the espionage campaign’s focus.

In a significant expansion of its cyber-espionage toolkit, the threat actor known as Harvester has been linked to a new Linux backdoor in April 2026, targeting entities in South Asia. The malware, called GoGra, leverages legitimate Microsoft cloud services for stealthy communication.

- Advertisement -

The cybersecurity company Symantec and Carbon Black detailed this activity in a report shared with The Hacker News. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” their Threat Hunter Team said.

Consequently, victims are initially compromised via social engineering, lured into opening ELF binaries disguised as harmless PDF files. The dropper then displays a decoy document while secretly executing the backdoor.

This Linux variant operates identically to its Windows predecessor by polling a specific Outlook mailbox folder named “Zomato Pizza.” Every two seconds, it scans for incoming emails with a subject line starting with “Input.”

Once a matching email is found, the backdoor decrypts its Base64-encoded body and executes the contents as shell commands. The results are then emailed back to the attacker with the subject “Output,” and the original tasking message is deleted to erase evidence.

- Advertisement -

The teams noted consistent developer fingerprints across both platforms, stating they “also identified several matching, hard-coded spelling errors across both platforms, which points towards the same developer being behind both tools.” Meanwhile, the identified VirusTotal artifacts suggest India and Afghanistan are likely targets of this ongoing espionage campaign.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

Must Read

The Ultimate Guide on How to Understand a Cryptocurrency White Paper

Today, cryptocurrency is a popular buzzword. We hear about it on the news, we read about it on the Internet. Yet, people are reluctant to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading