Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

2026-04-22

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

The threat actor Harvester has deployed a new Linux variant of its GoGra backdoor targeting entities in South Asia, leveraging Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel.

•Malware uses legitimate Microsoft Graph API and Outlook mailboxes to bypass traditional network defenses
•Attacks employ social engineering to trick victims into opening ELF binaries disguised as PDF documents
•Linux GoGra contacts a specific Outlook folder named "Zomato Pizza" every two seconds using OData queries to receive commands via emails with "Input" subject lines
•Executed commands are processed via /bin/bash and results are sent back in emails with "Output" subject lines
•Same developer behind both Windows and Linux variants, evidenced by matching hard-coded spelling errors

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)