- 퀄컴, 베트남 빈AI의 생성형 AI 부문 ‘모비안AI’ 인수··· AI 솔루션 고도화 박차
- 블로그 | 정치적 격동기에 IT 리더가 할 수 있는 역할
- 완전 자율 주행 자동차가 관광 산업에도 영향··· 웨이모, ‘2025 관광 영향 보고서’ 발간
- European cloud group invests to create what it dubs “Trump-proof cloud services”
- The OnePlus 12 is still a powerhouse in 2025 - and it's on sale for a limited time
Researchers Spot Novel “Deadglyph” Backdoor

Security researchers have revealed a sophisticated new modular backdoor which they believe is the work of the United Arab Emirates’ Stealth Falcon group.
The malware was dubbed “Deadglyph” by ESET after the name of artifacts found in the backdoor, plus the presence of a homoglyph attack, where lookalike characters are used to spoof a URL or code.
ESET said it found the sample after investigating a cyber-espionage attack on a government client in the Middle East.
Although the vendor was only able to retrieve three of the backdoor’s modules – covering a process creator, file reader and info collector – it claimed to have seen enough to know the malware is highly sophisticated.
Read more on Stealth Falcon: Reports: US Hackers Aid UAE to Spy on the Media
Commands are dynamically received via the command-and-control (C2) server as new modules rather than being implemented in the backdoor binary, it said.
There are also multiple anti-detection capabilities including continuous monitoring of system processes and execution of randomized network patterns. The malware also tries to hide in plain sight, using homoglyph techniques to masquerade as a legitimate Windows file: VersionInfo.
In addition, the backdoor will self-remove if it fails to establish a connection to the C2 server after a certain period.
The info collector module collects a wide range of information about a victim’s computer, including details on the OS, installed software and drivers, processes, services, users and security software. A file reader module reads specific files such as those containing Outlook data.
The ESET team also found a shellcode downloader which it believes could be used to install Deadglyph.
Also known as Project Raven, Stealth Falcon has been active since at least 2012 and has been known to target political activists, journalists and dissidents in the Middle East.