Security researchers reported the emergence of a new backdoor malware named Mistic, associated with a group known as Woodgnat. Mistic targets industries such as insurance and IT using a DLL side-loading technique via a legitimate Microsoft executable. This stealthy malware operates primarily in memory, which helps it avoid traditional detection methods, and it contains a self-deletion kill switch. Its command-and-control infrastructure obscures its activity, and it mainly sets the stage for ransomware attacks by other affiliates.
To defend against it, organizations should implement advanced monitoring techniques, focusing on unusual processes and verifying loaded DLL signatures.
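
As an added illustration of the DLL signature check recommended above (not code from the researchers' report), the following sketch filters module-load telemetry for DLLs that are not validly signed and are loaded from the executable's own directory outside the usual install locations. The events are constructed samples that use Sysmon Event ID 7 (ImageLoad) field names; the paths, the trusted-root list and the function names are assumptions and not indicators for Mistic.

```python
import ntpath

# Directories where application DLLs are normally installed (assumption for this example).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed events using Sysmon Event ID 7 (ImageLoad) field names; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\Docs\host.exe",
     "ImageLoaded": r"C:\Users\Public\Docs\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\plugin.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\ProgramData\Tool\tool.exe",
     "ImageLoaded": r"C:\ProgramData\Tool\lib.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
]


def is_validly_signed(event):
    """True only when the loaded image is signed and the signature verified."""
    return event.get("Signed", "").lower() == "true" and event.get("SignatureStatus") == "Valid"


def in_trusted_root(path):
    """True when the path sits under one of the usual install locations."""
    return ntpath.normpath(path).lower().startswith(TRUSTED_ROOTS)


def suspicious_loads(events):
    """Return events where an unverified DLL is loaded from the executable's own
    directory and that directory is outside the usual install locations."""
    hits = []
    for ev in events:
        exe, dll = ev["Image"], ev["ImageLoaded"]
        same_dir = ntpath.dirname(exe).lower() == ntpath.dirname(dll).lower()
        if same_dir and not is_validly_signed(ev) and not in_trusted_root(dll):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print(f'{ev["Image"]} loaded unverified {ev["ImageLoaded"]}')
```

The trusted-root exclusion keeps noise down but also hides unsigned DLLs under Program Files, so review that list against the environment before relying on it.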