Backdoor:Win64/SlugResin!rfn
Aliases: No associated aliases
Summary
Backdoor:Win64/SlugResin!rfn is the detection name for a 64-bit Windows backdoor variant of the SlugResin malware family. As a backdoor, it is designed to create a hidden pathway into the infected device through which a remote threat actor can gain access, bypassing the normal security controls, access control, and permissions that Windows provides. This kind of access can facilitate many malicious use cases, such as data exfiltration, espionage, ransomware attacks, and the delivery of additional payloads. It also puts at risk the entire network to which the infected device is connected, not just the device itself.
The !rfn suffix denotes that this SlugResin variant was detected by a pattern of code, behavior, or characteristics shared by a broader family of backdoors found in the wild, rather than by a signature for this specific sample. This method is effective for catching new variants of known malware families, because it doesn't require a separate signature for each slight modification that threat actors make.
- Disconnect the infected device from the network and the internet.
- Implement multifactor authentication as a long-term security measure.
- From a known-clean device, immediately reset the passwords for all accounts that were accessed from or stored on the infected machine.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.