Fake Zoom App Dropped by New APT 'LuminousMoth'
First comes spear-phishing, then a download of malicious DLLs that spread to removable USB drives, dropping a Cobalt Strike Beacon, and then, sometimes, a fake Zoom app.
LuminousMoth was first observed going after high-profile organizations in Myanmar, where researchers came across about 100 victims.
In some cases in the Myanmar attacks, the initial infection was followed by deployment of a signed, fake version of the popular Zoom app.
That fake Zoom app was actually malware that enabled the attackers to exfiltrate files from compromised systems.
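The detail that matters to a defender in the two sentences above is that the fake app was signed: a signature that validates only proves the binary was signed by someone, not by the vendor it impersonates. The following PowerShell is an added example, not code from the article or from the researchers' report; it uses the built-in Get-AuthenticodeSignature cmdlet and treats the expected publisher string and the drive path as assumptions to be adjusted.

```powershell
# Added example: report binaries whose Authenticode signature is missing, invalid,
# or valid but issued to a publisher other than the one expected for the app.
function Test-ExpectedSigner {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed publisher substring for the genuine app; change to the vendor you expect.
        [string] $ExpectedSubjectPattern = 'CN=Zoom Video Communications'
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    [pscustomobject]@{
        Path          = $Path
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer        = $subject
        Thumbprint    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
        # Only a chain-valid signature from the expected publisher counts as a match.
        SignerMatches = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSubjectPattern*")
    }
}

# Usage: sweep every EXE/DLL on a suspect volume (E:\ stands in for a removable drive)
# and list the ones that do not carry the expected publisher's valid signature.
Get-ChildItem -Path 'E:\' -Recurse -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    ForEach-Object { Test-ExpectedSigner -Path $_.FullName } |
    Where-Object { -not $_.SignerMatches } |
    Format-Table -AutoSize
```

Matching on the subject string is a first filter, not proof: a look-alike certificate can carry a similar name, so in triage compare the reported thumbprint against a known-good copy of the real installer before trusting the file.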
It's unclear whether the "sheer volume" of the attacks is due to the malware replicating through removable devices or whether it's caused by something else, such as being spread via watering-hole websites or a supply-chain attack, the researchers said.
What is clear: LuminousMoth is a new campaign from a Chinese-speaking actor that echoes Mustang Panda/HoneyMyte in that it spreads in large-scale attacks but, in actuality, is interested in only a few of the systems it infects.