216.73.217.98

Auto-Color Backdoor: How a Stealthy Linux Intrusion Was Thwarted

· Published 31/07/2025 10:04 · Modified 31/07/2025 10:08

Export JSON

Essential information

Published
31/07/2025 10:04
Modified
31/07/2025 10:08
Tags
2025-07-31

Description

In April 2025, an Auto-Color backdoor malware attack was detected on a US-based chemicals company's network. The threat actor exploited CVE-2025-31324 in SAP NetWeaver to gain initial access, attempted to download suspicious files, and communicated with malicious infrastructure. The attack involved multi-stage tactics, including SAP NetWeaver exploitation paired with Auto-Color malware for the first time. Auto-Color employed suppression tactics to evade detection when unable to complete its kill chain. The malware assessed privilege levels, installed a malicious shared object, manipulated preload configurations for persistence, and attempted C2 communication. AI-driven detection and response successfully identified and contained the threat, preventing further escalation.