Auto-Color Backdoor: How a Stealthy Linux Intrusion Was Thwarted
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
In April 2025, Auto-Color backdoor malware was detected on the network of a US-based chemicals company. The threat actor exploited CVE-2025-31324 in SAP NetWeaver to gain initial access, attempted to download suspicious files, and communicated with malicious infrastructure. The attack was multi-stage, and it is the first observed pairing of SAP NetWeaver exploitation with Auto-Color malware. When it could not complete its kill chain, Auto-Color suppressed its own activity to evade detection. The malware assessed its privilege level, installed a malicious shared object, manipulated preload configurations for persistence, and attempted C2 communication. AI-driven detection and response identified and contained the threat, preventing further escalation.
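The persistence step in the summary, manipulating the dynamic-linker preload configuration so a malicious shared object is loaded into every dynamically linked process, is something a defender can audit directly. The script below is an added example and is not code from the report or from the detection product it describes; it assumes the glibc format for /etc/ld.so.preload (a whitespace-separated list of absolute shared-object paths), and the trusted-directory allow-list and the sample file content are constructed for illustration and would be tuned to a site's own baseline.

```python
"""Audit the contents of a Linux dynamic-linker preload file (/etc/ld.so.preload).

Added example (not from the original report). Assumptions: the preload file is a
whitespace-separated list of absolute shared-object paths (glibc format); the
TRUSTED_DIRS allow-list below is a constructed baseline a defender would tune.
"""
import os
from typing import Callable, List, Optional, Tuple

# Constructed allow-list: directories where legitimately preloaded libraries
# (e.g. package-managed ones) are expected to live on a typical distribution.
TRUSTED_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")

# Constructed sample content: one expected entry and one that should be reviewed.
SAMPLE_PRELOAD = """/usr/lib64/libselinux.so.1
/var/tmp/.cache/libconstructed.so
"""


def parse_preload(text: str) -> List[str]:
    """Return the library paths listed in a preload file (whitespace separated)."""
    return text.split()


def audit_preload(text: str,
                  exists: Callable[[str], bool] = os.path.isfile) -> List[Tuple[str, str]]:
    """Return (path, reason) findings for preload entries a defender should review.

    `exists` is injectable so the check can run against captured file content
    offline; by default it consults the local filesystem.  An empty result means
    every entry is an absolute path, under a trusted directory, and present on disk.
    """
    findings: List[Tuple[str, str]] = []
    for path in parse_preload(text):
        if not path.startswith("/"):
            # The loader resolves relative names via the library search path,
            # which makes the entry ambiguous and worth flagging on its own.
            findings.append((path, "relative path"))
            continue
        if not path.startswith(TRUSTED_DIRS):
            findings.append((path, "outside trusted library directories"))
        if not exists(path):
            findings.append((path, "not present on disk"))
    return findings


def audit_live(preload_path: str = "/etc/ld.so.preload") -> Optional[List[Tuple[str, str]]]:
    """Audit the real preload file on this host.

    Returns None when the file is absent (the normal state on most systems, so
    its mere presence is already a lead), otherwise the list of findings.
    """
    if not os.path.isfile(preload_path):
        return None
    with open(preload_path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_preload(fh.read())


if __name__ == "__main__":
    # Offline demonstration on the constructed sample: pretend only the
    # /usr/lib64 entry exists on disk.
    for path, reason in audit_preload(SAMPLE_PRELOAD,
                                      exists=lambda p: p.startswith("/usr/lib64/")):
        print(f"REVIEW {path}: {reason}")
    live = audit_live()
    print("no /etc/ld.so.preload on this host" if live is None else f"live findings: {live}")
```

Run as root on the host being checked; an empty file that nonetheless exists, an entry under /tmp, /var/tmp or a home directory, or an entry whose file has since been removed are all worth correlating with the process that wrote the file.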
OPENCTI LABELS:
backdoor,linux,evasion,persistence,auto-color,cve-2025-31324,sap netweaver