Backdoor Uses FFmpeg Application to Spy on Victims

A recently observed feature-rich backdoor is capable of spying on its victim’s activities by recording full videos with the help of the "FFmpeg" application, Malwarebytes warns. Detected as Backdoor.DuBled and written in .NET, the malware is distributed through a JS file containing an executable that installs itself under a random. To achieve persistence, the threat uses a run key, while also dropping a copy of itself in the startup folder. The threat downloads the legitimate applications Rar.exe and ffmpeg.exe, along with related DLLs (DShowNet.dll and DirectX.Capture.dll) and uses them for its nefarious operations, the security researchers reveal.