Security News > 2022 > May > Trend Micro fixes bug Chinese hackers exploited for espionage
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware.
As Sentinel Labs revealed in an early-May report, the attackers exploited the fact that security products run with high privileges on Windows to plant and load their own maliciously crafted DLL into memory, allowing them to elevate privileges and execute code.
"Trend Micro is aware of some research that was published on May 2, 2022, regarding a purported Central-Asian-based threat actor dubbed 'Moshen Dragon' that had deployed malware clusters that attempted to hijack various popular security products, including one from Trend Micro," the cybersecurity company said.
After analyzing the report and its product line, the company discovered that only the Trend Micro Security consumer-focused product was affected, with no other commercial or business products impacted.
"For Trend Micro Security, a fix was deployed via Trend Micro's ActiveUpdate on May 19, 2022, and any user with an active internet connection should receive the update shortly if they have not yet already received it," the antivirus vendor added.
While Trend Micro has published an advisory detailing the mitigation measures taken to stop Moshen Dragon from abusing its security products for malicious products, the other vendors are yet to confirm if their products have been affected and if the bugs have been patched.
News URL
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)