Siggen Backdoor Hits Windows Developers Via Infected Visual Studio Projects
A newly analyzed Windows backdoor, called the Siggen backdoor “BackDoor.Siggen2.5906”, targets software developers by modifying C++ and C# projects, allowing malicious code to spread through source files, compiled applications, and development environments.
Doctor Web researchers said the malware can steal passwords, browser cookies, Discord tokens, Telegram data, and cryptocurrency wallet information. It also monitors clipboard activity, provides remote access to infected computers, installs cryptocurrency miners, and inserts malicious code into developer files.
Researchers first identified the malware during the final quarter of 2025, and since then its operators have continued updating the code, adding new execution methods and making the malware harder to detect.
The Infection Chain
The attack begins with infected executable files or malicious Python scripts. In compromised Windows applications, the attackers add a function that runs during the normal startup process and launches PowerShell in the background. PowerShell then downloads the next malware component, allowing...
Copyright of this story solely belongs to hackread.com. To see the full text click HERE