This blog post examines MoonWalk, a new backdoor employed by APT41, a China-based threat actor known for campaigns in Southeast Asia. MoonWalk utilizes numerous evasion techniques, including DLL hollowing, call stack spoofing, and the abuse of Windows Fibers to evade security solutions. It also leverages Google Drive as a command-and-control channel, blending in with legitimate network traffic. MoonWalk's modular design allows for easy capability updates and customization for different scenarios.