Cybersecurity experts unveil that BLOODALCHEMY, employed in governmental breaches across Southeast Asia, is an advanced iteration of Deed RAT, stemming from the notorious ShadowPad. The malware, embedded into benign processes via DLL side-loading, exhibits multifaceted capabilities, including information gathering and remote control. Its evolution underscores its pivotal role in sophisticated cyber espionage operations targeting ASEAN governments.
Originating from ShadowPad, BLOODALCHEMY raises concerns due to its association with a lineage of highly potent malware used in numerous APT campaigns. The minimalistic yet powerful backdoor, written in C, operates stealthily within compromised systems, evading detection and analysis. Its utilization of a run mode enables it to adapt its behavior dynamically, enhancing its resilience against security measures.
Analyzed by Elastic Security Labs and ITOCHU Cyber & Intelligence, BLOODALCHEMY showcases striking similarities with Deed RAT, a tool exclusively wielded by the threat actor Space Pirates. Such connections highlight the interconnectedness of cyber threats and the iterative nature of malware development. The ongoing evolution of these malicious tools underscores the persistent threat posed by sophisticated cyber adversaries, necessitating continuous vigilance and proactive defense measures.
