Mustang Panda's LOTUSLITE Variant Targets India Banks

The threat actor Mustang Panda has resurfaced with a new variant of its LOTUSLITE backdoor, specifically targeting India’s banking sector. According to The Hacker News, this malware is distributed using themes related to Indian financial institutions, aiming to ensnare victims.

The LOTUSLITE variant maintains its espionage focus. The Hacker News reports that it communicates with command-and-control servers via dynamic DNS over HTTPS. Its capabilities include remote shell access, file operations, and session management, pointing to a persistent threat designed for information gathering.

What This Means For You

  • If your organization operates in the Indian financial sector, scrutinize all incoming communications and software updates. Prioritize patching systems vulnerable to social engineering tactics, especially those related to financial themes. Ensure robust endpoint detection and response (EDR) is in place to catch suspicious network activity and file operations.