DISGOMOJI Malware Used to Target Indian Government
ID: 9b706ba0-02f6-5acf-95ee-a52b5fe2d971
STIX ID: report--9b706ba0-02f6-5acf-95ee-a52b5fe2d971
Feed Name: Volexity Blog
Volexity describes a 2024 targeted cyber-espionage campaign by a suspected Pakistan-based actor (UTA0137) using DISGOMOJI, a Linux backdoor written in Golang. DISGOMOJI uses Discord emoji-based command-and-control to interact with victims, exfiltrate documents and browser data, and maintain persistence on BOSS Linux systems. The actor also leveraged the DirtyPipe (CVE-2022-0847) exploit for privilege escalation and employed open-source tunneling and staging services.
