
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities are currently under fire from a new cyber campaign attributed to Russia-linked threat actors, specifically Laundry Bear (UAC-0190). The campaign uses judicial- and charity-themed lures to deploy DRILLAPP, a JavaScript-based backdoor that runs through Microsoft Edge in headless mode to avoid detection. DRILLAPP leverages the browser's debugging features and the Chrome DevTools Protocol (CDP) to perform unauthorized actions such as capturing microphone audio, webcam images, and screen recordings. By launching the browser with flags such as --remote-debugging-port and --no-sandbox, the malware bypasses standard security restrictions and maintains a persistent, lightweight presence, while using Pastefy as a dead-drop resolver for command-and-control communication.
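As an added example (not code from the article or from any vendor tooling), the following check runs over endpoint process-creation events and flags a Chromium-family browser launched headless with an exposed DevTools debugging port, the launch pattern described above; the events are constructed, and treating script-host parents as extra context is this example's own heuristic.

```python
import re
# Chromium-family browser images; treating script-host parents as suspicious is this example's assumption.
CHROMIUM_BROWSERS = {"msedge.exe", "chrome.exe", "chromium.exe", "brave.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe", "node.exe"}

# Constructed process-creation events for the demo, not telemetry from any real incident.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "wscript.exe",
     "cmd": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --remote-debugging-port=9222 --no-sandbox about:blank'},
    {"pid": 5310, "parent": "explorer.exe",
     "cmd": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default https://example.com'},
    {"pid": 6001, "parent": "devenv.exe",
     "cmd": r'"C:\Users\dev\AppData\Local\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 http://localhost:3000'},
]

def find_indicators(cmd: str, parent: str) -> list:
    """Indicators in one browser launch; empty when the image is not a Chromium browser."""
    image = re.search(r'([\w-]+\.exe)', cmd, re.I)
    if not image or image.group(1).lower() not in CHROMIUM_BROWSERS:
        return []
    # Keep flag names only: "--remote-debugging-port=9222" -> "remote-debugging-port"
    flags = {m.group(1).lower() for m in re.finditer(r'--([\w-]+)', cmd)}
    found = []
    if "headless" in flags:
        found.append("headless")
    if flags & {"remote-debugging-port", "remote-debugging-pipe"}:
        found.append("remote-debugging")
    if "no-sandbox" in flags:
        found.append("no-sandbox")
    if parent.lower() in SCRIPT_HOSTS:
        found.append("script-host-parent")
    return found

def verdict(indicators: list) -> str:
    """Headless plus an exposed DevTools endpoint is the pattern the article describes;
    a debugging port alone is routine developer use, so it only rises with extra context."""
    has = set(indicators)
    if {"headless", "remote-debugging"} <= has:
        return "high"
    if "remote-debugging" in has and has & {"no-sandbox", "script-host-parent"}:
        return "medium"
    if has & {"remote-debugging", "headless"}:
        return "low"
    return "none"

def triage(events) -> list:
    """(pid, verdict, indicators) per event, most suspicious first."""
    rows = [(e["pid"], verdict(ind), ind) for e in events for ind in [find_indicators(e["cmd"], e["parent"])]]
    return sorted(rows, key=lambda r: ["high", "medium", "low", "none"].index(r[1]))
```

The third constructed event shows the main false-positive class: a developer's own browser started with a debugging port but not headless, which stays at "low".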
Continue reading on Dev.to JavaScript