In January 2011, one of the earliest and most significant Bitcoin holders, known in the crypto community as a “whale,” amassed 15,947 BTC in his address. The address, 14jxFS93uiiYFEKGYekweEo2agpuodmSfj, is one of the oldest surviving Bitcoin wallets. At the time, the price of one Bitcoin was between a few cents and a few dollars, significantly lower than today’s values (the figure of $0.000236 per BTC given in the news is inaccurate, as Bitcoin fluctuated between $1 and $5 in 2011). After 14 and a half years during which the address remained “dormant” and made no transactions, a small test transaction was recorded about 20 minutes ago, signaling the asset’s awakening. This event attracts the attention of analysts and investors, as the activation of an old large address often heralds significant actions in the cryptocurrency market, including possible investment operations.
During the years of inactivity, the price of Bitcoin has grown to its current levels, approximately $27,000–$30,000 per coin, meaning the total value of the funds at this address is estimated at millions of dollars. Such long-term storage of the cryptocurrency and its unexpected movement is an important signal for the market, prompting experts to analyze the situation and predict price dynamics.
The second part of the news reflects serious cybersecurity challenges that remain relevant in 2025. Research conducted by leading cybersecurity companies such as Kaspersky Lab and T-Technologies records the activity of new complex threats. Among them are targeted attacks using backdoors, such as those by a new unknown APT group, which hit dozens of Russian organizations in early 2025.
Analyst reviews from late 2024 and early 2025 confirm an increase in large-scale botnet attacks on IoT devices and network equipment, as well as notable cases of software supply chain compromise and the BYOVD (Bring Your Own Vulnerable Driver) phenomenon, where attackers use vulnerable drivers to bypass Endpoint Detection and Response (EDR) systems.
Particular attention is being paid to the use of artificial intelligence and quantum computing in new data leak schemes, which increases the overall threat and makes cyberattacks more difficult to detect and prevent. Typical types of malware include Trojans, infostealers, and specialized backdoors, as in the case of the PhantomCore group, which used home-made malware tools and “honeypots” to infiltrate networks in May 2025.
Forecasts for the development of the information security market in 2025 point to an increasing role of AI in attacks and defense, as well as an increase in threats to the financial industry, where attackers increasingly target partner networks and suppliers using sophisticated financially motivated methods.
Thus, the news report combines key topics of the cryptocurrency market and cybersecurity, demonstrating both rare events related to the “awakening” of the oldest Bitcoin addresses with multi-million balances, and evolving threats to digital security in the modern era, when attacks are becoming more sophisticated and large-scale. These interrelated processes require close attention from specialists and investors in both fields – cryptoeconomics and information technology.
Malware is software created to gain unauthorized access to computers and information, harm users, steal data, or gain control over infected devices. In today’s cybersecurity environment, the most common types of malware are Trojans, backdoors, and infostealers, which pose a serious threat to both individuals and corporate systems.
Trojans are malicious programs that disguise themselves as legitimate system or utility software to hide their presence in the system. They most often penetrate workstations through phishing emails with attachments that the user mistakenly opens, after which the Trojan is quietly loaded and begins to perform its malicious functions. The main tasks of Trojans include stealing confidential data, providing attackers with remote access to the computer, and substituting transactions. Well-known Trojans include SugarGh0st, CloudSorcerer, RingSpy, MetaStealer and PhantomRAT. They are introduced into the system by disguising themselves or by using loaders, which can themselves be hidden and difficult for antivirus programs to detect [1, 3, 4].
Backdoors are a type of malware that provides an attacker with hidden remote access to an infected computer. They allow criminals to fully control the device: install and run new malware, collect and transmit information, including passwords and account data, and activate input devices such as webcams. Backdoors have client and server parts; they often disguise themselves as operating system processes and use various methods to bypass protection. Examples include the NanoCore and Mirai tools, which are actively used for espionage and mass network attacks, including attacks on IoT devices [1, 2, 3].
Infostealers are specialized malware that aims to steal personal and corporate data. An infostealer such as TROX Stealer is capable of extracting information from browsers, databases, and other storage by disguising itself as legitimate processes and using modern obfuscation methods and artificial intelligence to create phishing emails. This significantly complicates detection and increases the effectiveness of attacks [3].
In terms of infection vectors, phishing emails and loaders remain the main methods of delivering malware to a system. For example, the GuLoader loader is often used to “plant” Trojans and stealers on corporate networks, successfully bypassing security systems and sandbox environments. Attackers carefully select targets (large companies in the logistics, insurance and pharmaceutical industries) and run chains of phishing attacks with emails disguised as messages from well-known organizations [3].
Now about the second part of the news – the activity of the ancient “whale” in the bitcoin market.
In January 2011, one of the earliest and largest Bitcoin holders (the so-called “whale”) accumulated 15,947 BTC on his address. At the time, the price of one BTC was about 0.000236 USD (the recalculation of the indicated figure in the news is probably wrong – the price of Bitcoin in 2011 was within a few cents to several dollars, but not millions). This address – 14jxFS93uiiYFEKGYekweEo2agpuodmSfj – remained “sleeping” for this entire period, without conducting transactions. However, literally 20 minutes ago, this user made a small test transaction, which confirmed the resumption of activity after 14 and a half years of inactivity.
During this time, the price of Bitcoin has risen sharply, reaching around $27,000–$30,000 per coin (which is millions of dollars from those 15,947 BTC). The resurgence of activity on such an old address attracts the attention of the crypto community and analysts, as it often signals possible major market moves or the start of new investment operations.
Thus, this news combines two important topics – modern cybersecurity threats related to Trojans, backdoors and infostealers, as well as a rare event in the cryptocurrency market related to the activation of one of the oldest and largest Bitcoin addresses in history.
Sources:
- Detailed analytical reviews of malware, including the characteristics of Trojans and backdoors and their methods of disguise and distribution through phishing, are presented on the websites of PT Security and BI.ZONE [1, 3].
- The operating principles of Trojans and backdoors, their differences and main features are described in technical articles and encyclopedic resources [2, 4].
- Information about the cryptocurrency “whale” is based on the latest data on the oldest Bitcoin addresses and their activity in real time.
Let’s look at a selection of articles related to the topic of modern cybersecurity threats, Trojans, backdoors and trends for 2025:
- “New backdoor attacked dozens of Russian organizations” – description of targeted cyber-espionage attacks by an unknown APT group using sophisticated malware, research by Kaspersky Lab and T-Technologies (April 2025) [1].
- “Current Cyber Threats: Q4 2024 – Q1 2025” – analysis of mass botnet attacks on IoT devices and network equipment, compromise of software supply chains, use of BYOVD and bypass of EDR systems [2].
- “Cybercrime in 2025: New Data Leak Schemes” – an overview of new threats associated with the use of artificial intelligence and quantum computing to conduct sophisticated attacks and bypass traditional security methods [3].
- “PC and IoT Threat Statistics Q1 2025” – data on new vulnerabilities, ransomware and data-stealing Trojan attacks, and the latest tactics to bypass EDR systems [4].
- “PhantomCore Attacks 2025: Custom Backdoor and Honeypot” – a report on the PhantomCore group’s activities in May 2025, using custom tools and malware to infiltrate networks [6].
- “Information Security Market Forecast 2025” – an analysis of cyber threat trends and key challenges for data protection in 2025, including the increasing role of artificial intelligence in both attacks and defense [7].
- “Cyber Threats to the Financial Industry: Forecast for 2025–2026” – a study on the risks to financial institutions, the growth of attacks on partners and suppliers, as well as new attack schemes with a financial motive [9].
These materials provide a broad and up-to-date overview of modern malware tools (Trojans, backdoors, infostealers), as well as trends in the development of cyber threats in 2025.
What new methods and tools will cybercriminals use in 2025?
In 2025, cybercriminals will use a number of new methods and tools that will significantly increase the effectiveness of attacks:
- Artificial intelligence (AI) and machine learning (ML) are being used extensively to create adaptive malware that can change behavior in real time, evade detection systems, and automate the search for vulnerabilities in networks. AI is also being used to create convincing phishing and deepfakes at scale, which imitate the faces and voices of trusted individuals, making attacks much harder to detect [1, 2, 3, 6].
- Quantum computing attacks – While quantum computers are not yet widely available, criminals are already collecting encrypted data to decrypt it in the future when quantum technology becomes powerful enough. This poses a security threat to traditional encryption algorithms such as RSA and AES [1].
- Attacks on the Internet of Things (IoT) and Industrial IoT are on the rise. Vulnerabilities in IoT devices and communication protocols are becoming popular targets for attackers. Attacks on both consumer and industrial IoT systems, including smart city systems, are expected to increase in 2025 [3].
- Cloud technologies and hybrid infrastructures are becoming a frequent target for attacks. Compromised cloud accounts and incorrect security settings lead to data leaks and ransomware. Attackers are actively mastering methods of penetration through suppliers and company partners, complicating protection [3].
- Phishing and social engineering are becoming more sophisticated with AI. Phishing campaigns have become more personalized, and include fake websites and deepfake videos as well as large-scale phishing emails written using generative AI models (LLMs such as WormGPT). This makes the human factor an even weaker link in information security [1, 6].
- Ransomware activity is on the rise – the share of attacks that extort victims through data encryption has increased, with attackers combining encryption with information theft for double blackmail. Despite the development of countermeasures, the damage from such attacks remains significant [6].
Thus, the main trend is the use of artificial intelligence and new technologies in attacks, as well as the diversification of methods – from data theft and phishing to attacks on IoT and cloud services. These changes require businesses to strengthen proactive protection, train personnel and implement advanced cybersecurity tools [1, 2, 3, 6].
What are the threats associated with the expansion of industrial IoT and cloud technologies?
The expansion of the Industrial Internet of Things (IIoT) and cloud technologies in 2025 is accompanied by a number of serious cyber threats:
- Increased attack surface and vulnerability of edge devices and IoT gateways. Specialized equipment, sensors, and controllers often have weak security (insecure passwords, outdated firmware, and open ports), which increases the risk of hacking and exploitation [3, 7].
- Increase in targeted attacks on industrial control systems (ICS). Malware is able to remotely access and control equipment in factories, which can lead to disruption of technological processes, breakdowns and damage to products. An example is the use of modules in malware platforms, such as BlackEnergy or CrashOverride, to sabotage production facilities [2, 3].
- Industrial espionage and intellectual property theft through hacking IIoT devices and video surveillance systems. Attackers gain access to confidential data on technological processes, production plans and other important information, which can lead to serious financial losses and loss of competitive advantages [4].
- Violation of data integrity and availability, which threatens downtime and stoppage of technological processes. Leaks or distortion of working data can collapse business processes and lead to serious losses [3, 5].
- Increased risk of cyber attacks via the Internet and cloud services used to store and process production data. Incorrect configuration, vulnerabilities in cloud platforms and insufficient network segmentation create the possibility of remote penetration into industrial infrastructure [3].
- The complexity of inventorying and managing vulnerabilities in the IIoT environment is due to the diversity of specialized protocols and devices, which complicates the timely detection and elimination of threats [3].
- The transformation of traditional IT and OT systems into a single infrastructure expands the attack surface. Attackers can penetrate industrial equipment through IT network segments, posing a threat to the smooth operation of production and security [5].
All of these threats require a comprehensive approach to industrial cybersecurity with a focus on:
- strict access control and credential policies;
- continuous monitoring and inventory of IIoT devices;
- timely updating and patching of firmware;
- segmentation of IT and OT networks;
- strengthening control and protection of cloud platforms.
These measures are necessary to minimize the risks of interruptions, financial losses and industrial espionage in the era of active implementation of the Industrial Internet of Things and cloud technologies [1, 3, 4, 5].
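The weaknesses named above (insecure passwords, outdated firmware, open ports, missing IT/OT segmentation) can be checked mechanically against a device inventory. The following is an added example, not part of the original article; the inventory records, model names, firmware baselines, port policy and address ranges are all constructed assumptions.

```python
"""Audit a constructed IIoT inventory for the weaknesses listed in the text."""
import ipaddress

# Constructed policy values (assumptions, not a vendor or standard baseline).
OT_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
ALLOWED_PORTS = {443, 502, 8883}   # HTTPS, Modbus TCP (inside OT only), MQTT/TLS
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}
MIN_FIRMWARE = {"plc-x": (2, 4, 0), "gw-edge": (1, 9, 3)}  # hypothetical models

# Constructed sample inventory.
INVENTORY = [
    {"name": "press-plc-01", "model": "plc-x", "ip": "10.20.1.15",
     "firmware": "2.4.1", "default_creds": False, "open_ports": [502],
     "reachable_from": ["10.20.0.0/16"]},
    {"name": "edge-gw-07", "model": "gw-edge", "ip": "10.20.3.2",
     "firmware": "1.8.10", "default_creds": True, "open_ports": [23, 443, 502],
     "reachable_from": ["10.20.0.0/16", "192.168.10.0/24"]},
    {"name": "cam-dock-3", "model": "cam-z", "ip": "192.168.10.44",
     "firmware": "5.0", "default_creds": False, "open_ports": [80, 554],
     "reachable_from": ["192.168.10.0/24"]},
]


def parse_version(text):
    """Turn '1.8.10' into (1, 8, 10), padded to three parts for comparison."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def in_ot(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_NETWORKS)


def audit_device(dev):
    """Return the list of findings for one inventory record."""
    findings = []
    if dev["default_creds"]:
        findings.append("default-credentials")
    baseline = MIN_FIRMWARE.get(dev["model"])
    if baseline is None:
        # A device with no known baseline cannot be patched on schedule.
        findings.append("unknown-model-no-firmware-baseline")
    elif parse_version(dev["firmware"]) < baseline:
        findings.append("outdated-firmware")
    for port in sorted(dev["open_ports"]):
        if port in CLEARTEXT_PORTS:
            findings.append(f"cleartext-service:{CLEARTEXT_PORTS[port]}/{port}")
        elif port not in ALLOWED_PORTS:
            findings.append(f"unexpected-port:{port}")
    if in_ot(dev["ip"]):
        # An OT device should only be reachable from inside the OT ranges.
        for src in dev["reachable_from"]:
            src_net = ipaddress.ip_network(src)
            if not any(src_net.subnet_of(ot) for ot in OT_NETWORKS):
                findings.append(f"it-ot-segmentation-gap:{src}")
    return findings


def audit(inventory):
    """Map device name to findings, omitting devices with none."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev)
        if findings:
            report[dev["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, "->", ", ".join(findings))
```
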
What are the main types of cyber attacks that threaten industrial IoT and cloud systems?
The top types of cyberattacks threatening Industrial IoT (IIoT) and cloud systems in 2025 include the following:
- Botnet and DDoS attacks
Attackers create botnets of IoT devices with unprotected passwords, using them to launch powerful distributed denial of service (DDoS) attacks that overload target servers and disrupt services and production [1, 3, 2].
- Exploitation of weak passwords and vulnerabilities
Many IoT devices and gateways have default or unchangeable passwords, which gives attackers an easy way to gain access to the network. Attacks through vulnerabilities in data transfer protocols are also common; Modbus TCP, which is widely used in industry, is exploited for device control and process disruption [1, 6].
- Ransomware
Ransomware continues to be the main threat to industrial systems – it blocks the operation of production solutions and demands a ransom. Modern ransomware even attacks SCADA and ICS systems, which can lead to production shutdowns and major losses [1, 4].
- Man-in-the-Middle (MitM) and Traffic Interception
Attacks to intercept communications between devices and cloud platforms allow attackers to eavesdrop, replace, or modify transmitted data, compromising the integrity and trust of information [5].
- Remote Management and Operation of IoT Gateways
Vulnerabilities in IoT gateways that connect legacy industrial protocols to modern digital systems allow attackers to run arbitrary code and control key devices [1].
- Social engineering and phishing
Social engineering and phishing are used to obtain access credentials to cloud services and industrial system management; spear phishing is also used to penetrate corporate infrastructure [5].
- Wiper-type malware
Programs that erase or damage data and software on industrial equipment, causing serious failures and loss of information [4].
In summary, cyberattacks on industrial IoT and cloud systems are characterized by the combined use of vulnerabilities in devices, protocols, cloud infrastructure and human factors, which requires comprehensive protection and integrated solutions [1, 6, 5].
In today’s digital reality, we are witnessing the dynamic development of two interconnected areas at once – innovations in the cryptocurrency space and the evolution of cyber threats, which pose increasingly serious challenges to society and business. The activation of one of the oldest and largest Bitcoin addresses, which has stored millions of dollars in cryptocurrency for more than fourteen years, serves not only as evidence of the sustainability and long-term potential of digital assets, but also as a signal to the financial community about the possibility of major market movements and new investment strategies.
At the same time, increasing threats to cybersecurity — the growing number and complexity of Trojans, the evolution of backdoors and infostealers, the active use of artificial intelligence and quantum computing in the toolkit of attackers — highlight the need for an integrated and proactive approach to protecting digital infrastructure. Mass attacks on IoT networks, industrial systems, cloud services, as well as financially motivated attacks on suppliers and partners make security a key element of business and national economic sustainability.
Thus, the modern digital ecosystem is a complex interweaving of huge opportunities and significant risks. Investing in cryptocurrencies is accompanied by continuous monitoring and analysis of market events, including the activation of major players, while cybersecurity requires constant improvement of protection technologies, personnel training and testing of systems for stability. Only a comprehensive and integrated approach will minimize risks, take advantage of the potential of digital innovations and ensure reliable protection of information and assets in a rapidly changing technological landscape.
- https://ptsecurity.com/ru-ru/research/analytics/kiberugrozy-dlya-promyshlennosti-industrial-iot/
- https://securelist.ru/iot-threat-report-2023/108088/
- https://www.anti-malware.ru/analytics/Threats_Analysis/IoT-devices-attacks
- https://ptsecurity.com/ru-ru/research/analytics/industrial-cybersecurity-threatscape-2022/
- https://sber.pro/publication/shchit-i-mech-kak-zashchitit-promyshlennyi-iot-ot-kiberugroz/
- https://habr.com/ru/companies/pt/articles/869174/
- https://cyberleninka.ru/article/n/kiberbezopasnost-v-ustroystvah-iot-uyazvimosti-riski-i-strategii-snizheniya-riskov
- https://ics-cert.kaspersky.ru/publications/reports/2024/11/08/q2-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity/
- https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:IIoT_-_Industrial_Internet_of_Things_(%D0%9F%D1%80%D0%BE%D0%BC%D1%8B%D1%88%D0%BB%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9_%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82_%D0%B2%D0%B5%D1%89%D0%B5%D0%B9)
- https://www.comnews.ru/content/212288/2020-12-21/2020-w52/iiot-kak-ugroza
- https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:IIoT_-_Industrial_Internet_of_Things_(%D0%9F%D1%80%D0%BE%D0%BC%D1%8B%D1%88%D0%BB%D0%B5%D0%BD%D0%BD%D1%8B%D0%B9_%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82_%D0%B2%D0%B5%D1%89%D0%B5%D0%B9)
- https://ics-cert.kaspersky.ru/publications/reports/2017/11/30/industrial-enterprise-and-iot-security-threats-forecast-for-2018/
- https://ptsecurity.com/ru-ru/research/analytics/kiberugrozy-dlya-promyshlennosti-industrial-iot/
- https://www.anti-malware.ru/analytics/Threats_Analysis/IoT-devices-attacks
- https://os.kaspersky.ru/blog/iot-risks-and-protection-in-the-digital-age/
- https://securelist.ru/iot-threat-report-2023/108088/
- https://habr.com/ru/companies/pt/articles/869174/
- https://cyberleninka.ru/article/n/kiberbezopasnost-v-ustroystvah-iot-uyazvimosti-riski-i-strategii-snizheniya-riskov
- https://ksmvdrb.ru/budushhee-zashhity-dannyh/internet-veshhej-iot-i-bezopasnost-ugrozy-i-reshenija-dlja-umnyh-gorodov/
- https://www.cta.ru/articles/cta/obzory/tekhnologii/124399/
- https://falcongaze.com/ru/pressroom/publications/kiberbezopasnost/kiberprestupnost-v-2025-godu-novye-skhemy-utechek-dannyh.html
- https://sber.pro/publication/eksperti-nazvali-5-tehnologii-kotorie-stanut-klyuchevimi-tselyami-kiberatak-v-2025-godu/
- https://safe.cnews.ru/news/line/2025-01-10_positive_technologies_kakie_tehnologii
- https://ptsecurity.com/ru-ru/about/news/positive-technologies-kakie-tehnologii-stanut-czelyu-atak-hakerov-v-2025-godu/
- https://kurshub.ru/journal/blog/glavnye-tendenczii-v-kiberbezopasnosti-ot-ugroz-do-reshenij/
- https://ptnl.moscow/articles/kiberbezopasnost-v-2025-godu-novye-ugrozy-i-kak-ot-nikh-zashchititsia
- https://www.comnews.ru/content/240293/2025-07-22/2025-w30/1008/kiberprestupniki-pereshli-starye-novye-skhemy
- https://pravo.ru/story/256170/
- https://www.computerra.ru/312655/kiberataki-2025-chto-novogo-gotovyat-zloumyshlenniki/
- https://safe.cnews.ru/news/line/2025-04-17_novyj_bekdor_atakoval_desyatki
- https://ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-iv-kvartal-2024-goda-i-kvartal-2025-goda/
- https://falcongaze.com/ru/pressroom/publications/kiberbezopasnost/kiberprestupnost-v-2025-godu-novye-skhemy-utechek-dannyh.html
- https://securelist.ru/malware-report-q1-2025-pc-iot-statistics/112821/
- https://ddos-guard.ru/blog/daidzhest-kiberbezopasnosti-2025-Q2
- https://www.anti-malware.ru/news/2025-06-02-111332/46228
- https://www.itsec.ru/news/prognoz-razvitiya-rinka-informazionnoy-bezopasnosti-v-2025-godu
- https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D1%8B%D0%B5_%D1%82%D0%B5%D0%BD%D0%B4%D0%B5%D0%BD%D1%86%D0%B8%D0%B8_%D0%B2_%D0%B7%D0%B0%D1%89%D0%B8%D1%82%D0%B5_%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%B8
- https://ptsecurity.com/ru-ru/research/analytics/kiberugrozy-finansovoi-otrasli—prognoz-na-2025-2026-g/
- https://ptsecurity.com/ru-ru/research/analytics/malware-threats-and-detection-2023/
- https://habr.com/ru/sandbox/43074/
- https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%92%D1%80%D0%B5%D0%B4%D0%BE%D0%BD%D0%BE%D1%81%D0%BD%D0%B0%D1%8F_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D0%B0_(%D0%B7%D0%BB%D0%BE%D0%B2%D1%80%D0%B5%D0%B4)
- https://ru.wikipedia.org/wiki/%D0%92%D1%80%D0%B5%D0%B4%D0%BE%D0%BD%D0%BE%D1%81%D0%BD%D0%B0%D1%8F_%D0%BF%D1%80%D0%BE%D0%B3%D1%80%D0%B0%D0%BC%D0%BC%D0%B0
- https://ptsecurity.com/ru-ru/research/analytics/aktualnye-kiberugrozy-iv-kvartal-2024-goda-i-kvartal-2025-goda/
- https://www.kaspersky.ru/resource-center/preemptive-safety/faq
- https://safe.cnews.ru/news/top/2025-06-23_sotni_novoobnaruzhennyh_repozitoriev
- https://learn.microsoft.com/kk-kz/defender-endpoint/malware/understanding-malware
- https://www.anti-malware.ru/threats/trojans/news?page=30
- https://www.kaspersky.ru/resource-center/threats/computer-viruses-and-malware-facts-and-faqs
- http://bitcoinwiki.org/ru/wiki/adress
- https://ibmm.ru/news/kriptoindustriya/bitkoin-adres/
- https://academy.binance.com/ru/glossary/btc-wallet-address
- https://trusteeglobal.com/ru/academy/adres-bitkoin-koshelka/
- https://support.bitcoin.com/ru/articles/3542817-%D0%B3%D0%B4%D0%B5-%D0%BC%D0%BE%D0%B6%D0%BD%D0%BE-%D0%BD%D0%B0%D0%B9%D1%82%D0%B8-%D0%BC%D0%BE%D0%B9-%D0%B0%D0%B4%D1%80%D0%B5%D1%81-bitcoin
- https://www.blockchain.com/ru/explorer
- https://coin.space/ru/bitcoin-address-check/
- https://bitinfocharts.com/ru/bitcoin/address/1GR9qNz7zgtaW5HwwVpEJWMnGWhsbsieCG
