BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Mistic Backdoor Deployed in Ransomware-Linked Attacks

Stealthy Mistic backdoor deployed via ClickFix campaigns for long-term access and ransomware

  • A new backdoor named Mistic has been deployed in financially motivated attacks across insurance, education, IT, and professional services since April 2026.
  • The backdoor is linked to the initial access broker KongTuke and is distributed via ClickFix campaigns, often alongside the ModeloRAT remote access trojan.
  • Mistic is designed for stealth, executing payloads directly in memory with a self-deletion feature to avoid detection and maintain long-term access.
  • Targeting appears opportunistic, with attackers potentially assessing which compromised organizations to sell access to, and the campaign has been linked to subsequent Qilin ransomware deployment.

Cybersecurity researchers have uncovered a stealthy new backdoor called Mistic being used in suspected financially motivated attacks against organizations in insurance, education, IT, and professional services since April 2026. The malware, also tracked as MLTBackdoor, is linked to the initial access broker KongTuke and was dropped alongside the Python-based ModeloRAT, according to a report from Broadcom’s cybersecurity teams shared with The Hacker News.

- Advertisement -

The attackers primarily used malicious ClickFix campaigns, which trick users into running commands after a browser crash, to deliver their payload. Zscaler ThreatLabz highlighted this delivery method earlier in June 2026, attributing it to a ransomware-related threat actor.

Consequently, the backdoor employs advanced techniques like DLL side-loading through a trusted Microsoft security tool to avoid raising alarms. It runs entirely in memory, granting it capabilities to upload/download files, execute remote code, and even load Beacon Object Files to expand its functions.

“The backdoor runs payloads in memory with no file written to disk and includes a kill switch that lets it delete itself, which are features consistent with an operator seeking long-term, low-visibility access,” the researchers noted. The targeting appears opportunistic, with the attackers casting a wide net to later sell access, Symantec and Carbon Black said, adding that ModeloRAT has been seen in attacks that deployed Qilin ransomware.

Meanwhile, the KongTuke group has evolved its tactics, recently using a fake IT Support account to send malicious Microsoft Teams messages. “The use of custom tools in ransomware attacks is becoming a more common phenomenon,” Broadcom stated, suggesting Mistic continues this trend, likely developed by access brokers for ransomware affiliates.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AI-Assisted TuxBot v3 IoT Botnet Found Riddled With Errors

Cybersecurity researchers at Palo Alto Networks Unit 42 discovered a new IoT botnet framework...

OpenAI’s GPT-Red automates AI security testing

OpenAI introduced GPT-Red, an automated AI system to find vulnerabilities in GPT models before...

Trump to Meet Senators on Crypto Ethics; Bill Near Final

President Donald Trump is scheduled to meet with senators Thursday to negotiate the unresolved...

Ostium hacked on Arbitrum, $18M lost in oracle key breach

Ostium, a decentralized perpetual futures exchange on Arbitrum, was hacked via a private key...

Blanche Faces Senate Grilling Over DOJ Crypto Unit Disband

Acting Attorney General Todd Blanche faced Senate Judiciary Committee backlash over dismantling the DOJ's...

Must Read

The Ultimate Guide on How to Understand a Cryptocurrency White Paper

Today, cryptocurrency is a popular buzzword. We hear about it on the news, we read about it on the Internet. Yet, people are reluctant to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading