According to research from ASEC, more threat actors are using the BlueShell malware to attack Windows, macOS, and Linux systems in Korea and Thailand. The BlueShell backdoor, written in Go, has been in use since 2020.
To avoid network detection when communicating with its C2 server, BlueShell uses TLS encryption.
It depends on three configuration parameters: the IP address of the C2 server, the port number, and a predetermined waiting period. The research findings also show that the Dalbit Group has employed BlueShell malware in attacks on Windows PCs. The Dalbit Group, a Chinese threat actor, typically targets unprotected servers to steal crucial data, which it then uses as leverage to demand ransom.