Backdoor:Win64/PortStarter
Aliases: No associated aliases
Summary
Backdoor:Win64/PortStarter is a backdoor written in the Go programming language. It can change Windows firewall settings, open ports, and connect to preconfigured command-and-control (C2) servers.
Read the following blog for details:
Users should take the following steps to mitigate the threat:
- Avoid opening or downloading files or apps unless you’re sure the source can be trusted. Untrusted files or apps might install additional malware or lead to other malicious activities.
- Keep your antivirus program running to help block or detect malware.
- Look out for ransomware indicators, as this backdoor has been incorporated into multiple ransomware attacks.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.