PoorTry (Backdoor) – Malware

February 16, 2025

PoorTry

Type of Malware

Backdoor

Country of Origin

United States
United Kingdom

Targeted Countries

United States

Date of Initial Activity

2022

Associated Groups

Scattered Spider

Motivation

Financial Gain

Attack Vectors

Phishing
Software Vulnerabilities

Targeted Systems

Windows

Overview

The cybersecurity landscape is constantly evolving, with new and sophisticated malware emerging regularly. One such recent threat is Poortry, a malware variant linked to advanced persistent threat (APT) groups, particularly Scattered Spider. This malware has been identified as a significant player in the growing wave of attacks targeting both public and private sector organizations. Although the exact origin of Poortry is still under investigation, its technical attributes and its usage in high-profile breaches paint a disturbing picture of the future of cybercrime. Poortry is notable for its use of a Microsoft-signed driver as part of its evasion tactics, a technique that allows it to bypass security measures designed to detect malicious software. This use of a legitimate certificate to sign malicious drivers is a hallmark of the increasingly sophisticated nature of modern cyberattacks, as it enables the malware to operate undetected by traditional security tools. Its ability to leverage trusted software in its attack chain makes it particularly dangerous and hard to detect, giving cybercriminals an edge in their attempts to gain unauthorized access to sensitive systems.

Targets

Arts, Entertainment, and Recreation

How they operate

One of Poortry's defining features is its use of a Microsoft-signed driver. The malware exploits this legitimately signed driver for defense evasion, which makes detection much harder for traditional security measures. Because the driver carries a Microsoft signature, the operating system treats it as a trusted component, so Poortry can bypass security mechanisms that typically flag unsigned or suspicious software. Running under a valid certificate, Poortry operates undetected in the background while performing its malicious activities, such as establishing persistence or executing further payloads.

Alongside the signed driver, Poortry's operators lean on commercial remote monitoring and management (RMM) tools. These tools are built for legitimate system administration, but in these intrusions they are abused to gain control over compromised systems; Fleetdeck.io and Level.io have both been observed in attacks involving Poortry. RMM tools give threat actors an easy foothold in the network, allowing them to monitor, manage, and manipulate infected systems remotely, often without raising suspicion, and to maintain a low profile while carrying out their attacks over an extended period.

The attack chain typically begins with social engineering, such as SMS phishing or spear-phishing emails designed to trick victims into revealing their credentials or downloading malicious attachments. Once introduced into the environment, Poortry exploits vulnerabilities in the victim's network or software to escalate privileges, so that it can persist without being easily removed.

The operators then turn to multi-factor authentication (MFA) fatigue attacks to reach additional systems or networks: the victim is bombarded with MFA prompts until they accidentally or unknowingly approve one and grant access.

Poortry also exhibits post-exploitation behavior aimed at long-term control. It can disable security software, delete logs, and execute additional malicious payloads to push further into the network. In some cases it operates alongside ransomware as part of a broader campaign of data exfiltration and extortion, a pairing seen in BlackCat ransomware attacks.
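The profile above describes three behaviours a defender can look for in telemetry: a validly signed driver loaded from an unexpected location, an RMM agent appearing on a host where nobody approved it, and a burst of MFA push prompts against one account. The script below is an added example written for this page, not code from CyberMaterial or from any vendor tool. It runs three small detectors over constructed sample events. Field names loosely follow Sysmon's DriverLoad event (image, signature, signature status) and a generic identity-provider push-MFA log, and the RMM binary names, hostnames, users and timestamps are all made up for the sample; the marker substrings for Fleetdeck.io and Level.io agents are assumptions that should be replaced with the paths from your own software inventory.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample telemetry (not real logs). One benign driver load, one
# WHCP-style signed driver loaded from a user-writable Temp folder, one RMM
# agent launch, one benign process, a burst of six MFA pushes to "bob" and a
# single normal push to "carol".
SAMPLE_EVENTS = [
    {"ts": "2025-02-16T09:00:05", "kind": "driver_load", "host": "WS01",
     "image": r"C:\Windows\System32\drivers\tcpip.sys",
     "signature": "Microsoft Windows", "signature_status": "Valid"},
    {"ts": "2025-02-16T09:01:10", "kind": "driver_load", "host": "WS01",
     "image": r"C:\Users\alice\AppData\Local\Temp\prt.sys",
     "signature": "Microsoft Windows Hardware Compatibility Publisher",
     "signature_status": "Valid"},
    {"ts": "2025-02-16T09:02:00", "kind": "process_create", "host": "WS01",
     "image": r"C:\ProgramData\FleetDeck\fleetdeck-agent.exe", "user": "alice"},
    {"ts": "2025-02-16T09:02:30", "kind": "process_create", "host": "WS01",
     "image": r"C:\Windows\System32\notepad.exe", "user": "alice"},
] + [
    {"ts": f"2025-02-16T22:{10 + i}:00", "kind": "mfa_push", "user": "bob",
     "result": "approved" if i == 5 else "denied"}
    for i in range(6)
] + [
    {"ts": "2025-02-16T08:30:00", "kind": "mfa_push", "user": "carol",
     "result": "approved"},
]

# Directories from which signed kernel drivers are normally loaded.
TRUSTED_DRIVER_DIRS = (r"C:\Windows\System32\drivers",)

# Assumed marker substrings for the RMM agents the profile names. Replace with
# the real agent paths from your inventory; these names are placeholders.
RMM_MARKERS = {"fleetdeck": "Fleetdeck.io", "level-agent": "Level.io"}


def suspicious_driver_loads(events, trusted_dirs=TRUSTED_DRIVER_DIRS):
    """Flag driver loads that are either not validly signed or that come from
    outside the trusted driver directories. A valid signature on its own is
    not a pass here: the profile's point is that the driver *is* signed, so
    the load path has to carry the decision."""
    trusted = {d.lower() for d in trusted_dirs}
    hits = []
    for ev in events:
        if ev["kind"] != "driver_load":
            continue
        parent = str(PureWindowsPath(ev["image"]).parent).lower()
        if ev.get("signature_status") != "Valid" or parent not in trusted:
            hits.append({"host": ev["host"], "image": ev["image"],
                         "signer": ev.get("signature", "")})
    return hits


def unexpected_rmm_launches(events, approved=frozenset()):
    """Flag process creations that look like an RMM agent whose product is not
    on the approved list for this environment."""
    hits = []
    for ev in events:
        if ev["kind"] != "process_create":
            continue
        image = ev["image"].lower()
        for marker, product in RMM_MARKERS.items():
            if marker in image and product not in approved:
                hits.append({"host": ev["host"], "user": ev["user"],
                             "product": product, "image": ev["image"]})
    return hits


def mfa_fatigue_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window count of push prompts per user. A burst of at least
    `threshold` prompts inside `window` is reported, with the largest burst
    kept per user and a flag saying whether any prompt in it was approved."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["kind"] == "mfa_push":
            per_user[ev["user"]].append(
                (datetime.fromisoformat(ev["ts"]), ev["result"]))
    alerts = []
    for user, prompts in per_user.items():
        prompts.sort()
        recent, best = deque(), None
        for ts, result in prompts:
            recent.append((ts, result))
            while ts - recent[0][0] > window:       # drop prompts outside window
                recent.popleft()
            if len(recent) >= threshold and (best is None or len(recent) > best["prompts"]):
                best = {"user": user, "prompts": len(recent),
                        "window_start": recent[0][0].isoformat(),
                        "approved_in_burst": any(r == "approved" for _, r in recent)}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for name, fn in [("driver", suspicious_driver_loads),
                     ("rmm", unexpected_rmm_launches),
                     ("mfa", mfa_fatigue_bursts)]:
        for hit in fn(SAMPLE_EVENTS):
            print(name, hit)
```

The driver check deliberately ignores who signed the binary and asks only where it was loaded from, because a signature check is exactly what the profile says Poortry defeats; in practice you would also pair the signer string with an allow-list of expected publishers. The MFA detector reports the largest burst rather than the first prompt that crosses the threshold, so the approval that usually ends a fatigue attack is included in the alert.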
References:
  • Tracking Adversaries: Scattered Spider, the BlackCat affiliate