New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Organizations
March 26, 2025
Malware / Vulnerability
The Chinese threat actor known as FamousSparrow has been implicated in a cyberattack targeting a U.S. trade group and a research institute in Mexico, in which it deployed its primary backdoor, SparrowDoor, along with ShadowPad. This activity, observed in July 2024, marks the group's first deployment of ShadowPad, a malware commonly associated with Chinese state-sponsored attackers. ESET reported that “FamousSparrow introduced two new, undocumented versions of the SparrowDoor backdoor, one of which is modular.” These iterations show significant advancements, including the ability to execute commands in parallel. FamousSparrow was first identified by the Slovak cybersecurity firm in September 2021 during a series of attacks against hotels, governments, engineering firms, and law practices that used the group's exclusive SparrowDoor implant. Subsequent reports have highlighted the adversarial group’s expanding footprint…