Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Fake Software Installers Spread DinDoor Malware Backdoor

Fake Software Installers Spread DinDoor Malware Backdoor

Posted on May 27, 2026 By CWS

A newly discovered threat campaign is targeting technology enthusiasts, including gamers and content creators, by posing as popular applications such as ChatGPT and Claude. This operation involves the dissemination of the DinDoor backdoor through counterfeit installers available on reputable platforms, leaving unsuspecting users vulnerable.

Malicious Software Installers Targeting Users

The attackers behind this campaign have cleverly utilized compromised YouTube channels to direct viewers to these harmful files. With some of these videos amassing over 50,000 views, the scale of the threat is substantial. Malwarebytes researchers uncovered this scheme after observing dubious installer packages on platforms like GitHub and SourceForge.

The malware is disguised as legitimate tools including ChatGPT, Claude, and others like Ableton Live and AutoTune, making it particularly deceptive. By leveraging the trustworthiness of platforms like GitHub, the attackers make their malicious software appear credible, reducing the likelihood of user suspicion.

Mechanics of the DinDoor Backdoor

Once a user downloads the fake installer from platforms such as GitHub or SourceForge, the infection process begins. The user, believing they are installing genuine software, initiates a command that downloads a malicious MSI installer file. This file executes additional scripts that further embed the malware into the system.

The backdoor establishes a connection with a command-and-control server, facilitating the installation of a remote access Trojan (RAT). This RAT is capable of extracting data from browsers and cryptocurrency wallets, taking screenshots, and even streaming video from the victim’s device without detection.

Broader Impact and Prevention Measures

The malware, distributed through various vectors including fake game boosters and AI tools, underscores the attackers’ broad approach. The RAT, powered by the Deno JavaScript runtime, features extensive capabilities for data theft and system control, targeting over 50 types of cryptocurrency wallets and browser extensions.

To mitigate risks, users should only download software from official sources and verify the authenticity of files by checking digital signatures. Exercising caution with free or cracked software versions is crucial to avoid falling victim to such deceptive practices.

In conclusion, staying informed and adopting vigilant software installation practices are key defenses against these evolving cyber threats. As hackers continue to exploit trusted platforms, awareness and proactive measures remain the best tools for protection.

Cyber Security News Tags:Backdoor, ChatGPT, Claude, Cybersecurity, DinDoor malware, fake software, GitHub, Malwarebytes, SourceForge, YouTube

Post navigation

Previous Post: Tycoon 2FA Phishing Kit Evades MFA on Key Platforms
Next Post: 22 Versions of Malicious npm Package Exploit Crypto Wallets

Related Posts

Notepad++ v8.9.3 Enhances Security and Stability Notepad++ v8.9.3 Enhances Security and Stability Cyber Security News
Kali Linux Unveils Two New Tools to Boost Wi-Fi Performance for Raspberry Pi Users Kali Linux Unveils Two New Tools to Boost Wi-Fi Performance for Raspberry Pi Users Cyber Security News
CrowdStrike Set to Acquire Onum in 0 Million Deal to Enhance Falcon Next-Gen SIEM CrowdStrike Set to Acquire Onum in $290 Million Deal to Enhance Falcon Next-Gen SIEM Cyber Security News
Instagram, Facebook, and WhatsApp to Test New Premium Subscriptions Instagram, Facebook, and WhatsApp to Test New Premium Subscriptions Cyber Security News
Cybercriminals Exploit Homoglyphs to Mimic Trusted Websites Cybercriminals Exploit Homoglyphs to Mimic Trusted Websites Cyber Security News
GitLab Security Update – Patch for Multiple Vulnerabilities in Community and Enterprise Edition GitLab Security Update – Patch for Multiple Vulnerabilities in Community and Enterprise Edition Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark