MINIBIKE Malware — Security Threat Analysis Report By CyberDudeBivash • Date: September 20, 2025 (IST)

Executive summary

MINIBIKE is a custom Windows backdoor attributed to the Iran-nexus threat cluster UNC1549 (which overlaps with activity tracked as Tortoiseshell/Imperial Kitten). It is delivered through recruitment-themed social engineering and DLL sideloading, and it communicates with command-and-control (C2) infrastructure hosted on Microsoft Azure so that its beaconing blends into normal cloud traffic. In 2025, researchers observed campaigns against telecommunications firms in Europe and North America; earlier waves (2022–2024) focused on aerospace and defense organizations in the Middle East. MINIBIKE collects host information, enumerates files and processes, exfiltrates content, runs arbitrary payloads, and establishes persistence via registry keys, often with anti-analysis tricks layered on top.

Why it matters: Azure-proxied C2 and sideloading into legitimate, signed applications make detections noisy, because in isolation both the destination and the parent process look benign. If you operate in telecom, aerospace/defense, or adjacent sectors, prioritize the controls below and hunt for C2 hostnames under Azure's public-IP DNS suffix (cloudapp.azure.com), fake job lures, and sideloading footprints in OneDrive/SharePoint-synced folders.
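The following hunt is an added example written for this report; it is not code from the original page or from the researchers who analyzed MINIBIKE. It runs over constructed Sysmon-style events (DNS query, event ID 22; image load, event ID 7) exported as JSON objects, and the field names (`query`, `image`, `image_loaded`, `signed`), the allowlisted hostname, the lure file names and the `version.dll` sideload name are all assumptions chosen for illustration. It flags two of the signals described above and correlates them per host: lookups of non-allowlisted names under the Azure public-IP suffix, and an unsigned DLL loaded from a user-writable (OneDrive/AppData/Downloads) directory by a process that lives in the same directory, the classic search-order sideload.

```python
"""Hunt for MINIBIKE-style tradecraft in exported endpoint telemetry.

Added example, not from the original report. Assumes Sysmon-like events
exported from a SIEM as JSON objects with the fields used below; adjust
the field names to your own schema.
"""
import json
import re

# Azure assigns VM public-IP DNS names under cloudapp.azure.com. A lookup
# under that suffix is only interesting when the name is not a known asset.
AZURE_CLOUDAPP_RE = re.compile(r"(?:^|\.)cloudapp\.azure\.com$", re.I)

# Assumed list of legitimate business hosts under the suffix (fill from CMDB).
ALLOWLIST = {"corp-vpn.westeurope.cloudapp.azure.com"}

# User-writable locations where a lure EXE and its sideloaded DLL would sit.
USER_WRITABLE_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\(?:AppData|Downloads|OneDrive[^\\]*|Desktop|Documents)\\",
    re.I,
)

# Constructed sample events (not real telemetry). WS01 shows the lure pattern.
SAMPLE_EVENTS = [
    {"id": 22, "host": "WS01",
     "image": "C:\\Users\\alice\\OneDrive - Contoso\\Jobs\\AeroRecruit.exe",
     "query": "svc-updates.eastus.cloudapp.azure.com"},
    {"id": 22, "host": "WS01", "image": "C:\\Program Files\\VPN\\vpn.exe",
     "query": "corp-vpn.westeurope.cloudapp.azure.com"},
    {"id": 22, "host": "WS02", "image": "C:\\Windows\\System32\\svchost.exe",
     "query": "login.microsoftonline.com"},
    {"id": 7, "host": "WS01",
     "image": "C:\\Users\\alice\\OneDrive - Contoso\\Jobs\\AeroRecruit.exe",
     "image_loaded": "C:\\Users\\alice\\OneDrive - Contoso\\Jobs\\version.dll",
     "signed": False},
    {"id": 7, "host": "WS02", "image": "C:\\Windows\\System32\\notepad.exe",
     "image_loaded": "C:\\Windows\\System32\\version.dll", "signed": True},
]


def hunt_azure_c2(events):
    """Return (host, process, hostname) for non-allowlisted cloudapp lookups."""
    hits = []
    for e in events:
        if e.get("id") != 22:
            continue
        name = e["query"].rstrip(".").lower()
        if AZURE_CLOUDAPP_RE.search(name) and name not in ALLOWLIST:
            hits.append((e["host"], e["image"], name))
    return hits


def hunt_sideload(events):
    """Return (host, process, dll, same_dir) for unsigned DLLs loaded from
    user-writable paths; same_dir is True when the DLL sits beside the EXE."""
    hits = []
    for e in events:
        if e.get("id") != 7 or e.get("signed") is not False:
            continue
        dll = e["image_loaded"]
        if USER_WRITABLE_RE.match(dll):
            dll_dir = dll.rsplit("\\", 1)[0].lower()
            exe_dir = e["image"].rsplit("\\", 1)[0].lower()
            hits.append((e["host"], e["image"], dll, dll_dir == exe_dir))
    return hits


def correlate(events):
    """Hosts showing both signals; this is the subset worth triaging first."""
    c2_hosts = {h for h, _, _ in hunt_azure_c2(events)}
    sideload_hosts = {h for h, _, _, _ in hunt_sideload(events)}
    return sorted(c2_hosts & sideload_hosts)


if __name__ == "__main__":
    print(json.dumps({
        "azure_c2": hunt_azure_c2(SAMPLE_EVENTS),
        "sideload": hunt_sideload(SAMPLE_EVENTS),
        "hosts_with_both": correlate(SAMPLE_EVENTS),
    }, indent=2))
```

Neither signal is an alert on its own: plenty of legitimate SaaS lives under cloudapp.azure.com, and developers load unsigned DLLs from their own profiles all day. The value is in the intersection, and in the `same_dir` flag, which is what distinguishes a search-order sideload from an ordinary plugin load.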