Sindoor Dropper malware targeting Linux with weaponized .desktop files

A new malware campaign called “Sindoor Dropper” is targeting Linux systems with spear-phishing lures themed on the India-Pakistan conflict. It spreads via malicious .desktop files disguised as PDF documents; opening one displays a decoy PDF while silently launching a complex, multi-stage infection.


The malware chain includes an AES decryptor and encrypted downloader, using obfuscation and anti-virtual machine checks to evade detection. The final payload is a modified MeshAgent remote administration tool that connects to a command-and-control server, giving attackers full remote access to compromised Linux machines.


This campaign marks a shift toward targeting Linux environments with sophisticated phishing and malware techniques.
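The lure described above, a .desktop launcher posing as a PDF, can be triaged on a mail gateway or endpoint with a few static checks. The following is an added example, not code from the original report; the heuristics, file names and sample entries are assumptions constructed for illustration, and they will also flag some legitimate launchers.

```python
import re

# Triage heuristics (assumptions), not indicators published for this campaign.
DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?|odt)\.desktop$", re.I)
DOC_ICON = re.compile(r"application-pdf|x-office|text-x-generic", re.I)
SHELL = re.compile(r"(^|[\s/])(ba|da|z)?sh\s+-c\b")
CHAIN = re.compile(r"[;|&]|\$\(|`")

def parse_desktop_entry(text):
    """Collect key=value pairs from the [Desktop Entry] group only."""
    keys, in_main = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_main = (line == "[Desktop Entry]")
        elif in_main and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            keys[key.strip()] = value.strip()
    return keys

def triage(filename, text):
    """Return the reasons a launcher looks like a document-themed lure."""
    entry = parse_desktop_entry(text)
    exec_line = entry.get("Exec", "")
    uses_shell = bool(SHELL.search(exec_line))
    reasons = []
    if DOC_EXT.search(filename):
        reasons.append("document extension placed before .desktop")
    if entry.get("Type") == "Application" and DOC_ICON.search(entry.get("Icon", "")):
        reasons.append("application launcher shows a document icon")
    if uses_shell and CHAIN.search(exec_line):
        reasons.append("Exec chains several commands through a shell")
    if uses_shell and entry.get("Terminal", "false").lower() != "true":
        reasons.append("shell command runs without a visible terminal")
    return reasons

# Constructed samples, not taken from the campaign.
LURE_NAME = "briefing.pdf.desktop"
LURE = ('[Desktop Entry]\nType=Application\nName=briefing.pdf\n'
        'Icon=application-pdf\nTerminal=false\n'
        'Exec=sh -c "xdg-open /tmp/decoy.pdf; /tmp/second-stage"\n')
BENIGN_NAME = "org.gnome.Evince.desktop"
BENIGN = ('[Desktop Entry]\nType=Application\nName=Document Viewer\n'
          'Icon=org.gnome.Evince\nExec=evince %U\n')

if __name__ == "__main__":
    for name, body in ((LURE_NAME, LURE), (BENIGN_NAME, BENIGN)):
        print(name, triage(name, body))
```

Any single reason is weak on its own; a launcher that trips several at once, arriving as an e-mail attachment or archive member, is the combination worth quarantining for review.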
