Chinese LuoYu hackers deploy cyber-espionage malware via app updates
Security News, June 2022

A Chinese-speaking hacking group known as LuoYu is infecting victims with the WinDealer information stealer, malware it deploys by swapping legitimate app updates for malicious payloads in man-on-the-side attacks.
LuoYu has switched to abusing the automatic update mechanism of its victims' apps after previously pushing malware through easier-to-pull-off watering-hole attacks, in which it used compromised local news sites as infection vectors.
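The attack described above works because an update client trusts whatever bytes come back on the wire. The following added example (not code from the article, Kaspersky, or any affected vendor) shows the defender-side check that defeats a substituted payload: the client only installs an update whose manifest is authenticated and whose bytes hash to what that manifest promises, and it refuses downgrades. The manifest layout, the version numbers and all payload bytes are constructed for the example; HMAC-SHA256 stands in for the vendor's asymmetric signature only because the Python standard library ships no Ed25519 or RSA primitive, and a real client would embed just the vendor's public key.

```python
"""Added example: verify a downloaded update before applying it.

Constructed scenario, not data from the article. The manifest format and
the key handling are assumptions made for illustration.
"""
import hashlib
import hmac
import json

# Constructed vendor key. ASSUMPTION: stands in for the vendor's signing key.
# A real client embeds only a public verification key; HMAC is used here
# because the standard library has no asymmetric signature primitive.
VENDOR_KEY = b"constructed-vendor-signing-key"

INSTALLED_VERSION = (2, 4, 0)   # constructed: what the client currently runs


def sign_manifest(manifest: dict, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: authenticate the manifest (version, size, sha256)."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def parse_version(text: str) -> tuple:
    """'2.5.0' -> (2, 5, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def verify_update(manifest: dict, signature: str, payload: bytes,
                  key: bytes = VENDOR_KEY,
                  installed: tuple = INSTALLED_VERSION) -> tuple:
    """Client side: return (accepted, reason). Every check must pass."""
    # 1. The manifest must be authentic, otherwise whoever can inject
    #    responses simply ships a manifest that matches their own payload.
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest signature mismatch"
    # 2. Refuse downgrades: re-serving an old, correctly signed but
    #    vulnerable build is a classic way around update signing.
    if parse_version(manifest["version"]) <= installed:
        return False, "manifest version is not newer than installed"
    # 3. Size check before hashing: cheap, and catches truncation/padding.
    if len(payload) != manifest["size"]:
        return False, "payload size mismatch"
    # 4. The bytes must hash to what the authenticated manifest promises.
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "payload sha256 mismatch"
    return True, "update verified"


# --- Constructed sample data ---------------------------------------------
GENUINE_PAYLOAD = b"GENUINE-UPDATE-2.5.0:" + b"\x00" * 64
GENUINE_MANIFEST = {
    "product": "example-app",
    "version": "2.5.0",
    "size": len(GENUINE_PAYLOAD),
    "sha256": hashlib.sha256(GENUINE_PAYLOAD).hexdigest(),
}
GENUINE_SIGNATURE = sign_manifest(GENUINE_MANIFEST)

# A substituted payload padded to the genuine size, so only the hash check
# can catch it; the client still sees the genuine manifest and signature.
_prefix = b"SUBSTITUTED-PAYLOAD-2.5.0:"
SUBSTITUTED_PAYLOAD = _prefix + b"\x00" * (len(GENUINE_PAYLOAD) - len(_prefix))

# A manifest rewritten to match the substituted bytes, but signed without
# the vendor key (constructed attacker key).
FORGED_MANIFEST = dict(GENUINE_MANIFEST,
                       sha256=hashlib.sha256(SUBSTITUTED_PAYLOAD).hexdigest())
FORGED_SIGNATURE = sign_manifest(FORGED_MANIFEST, key=b"not-the-vendor-key")

# A genuine, correctly signed but older build served as if it were new.
OLD_PAYLOAD = b"GENUINE-UPDATE-2.3.9"
OLD_MANIFEST = {"product": "example-app", "version": "2.3.9",
                "size": len(OLD_PAYLOAD),
                "sha256": hashlib.sha256(OLD_PAYLOAD).hexdigest()}
OLD_SIGNATURE = sign_manifest(OLD_MANIFEST)


def run_cases() -> dict:
    """Run the four scenarios and return each verdict."""
    return {
        "genuine": verify_update(GENUINE_MANIFEST, GENUINE_SIGNATURE, GENUINE_PAYLOAD),
        "substituted_payload": verify_update(GENUINE_MANIFEST, GENUINE_SIGNATURE, SUBSTITUTED_PAYLOAD),
        "forged_manifest": verify_update(FORGED_MANIFEST, FORGED_SIGNATURE, SUBSTITUTED_PAYLOAD),
        "downgrade": verify_update(OLD_MANIFEST, OLD_SIGNATURE, OLD_PAYLOAD),
    }


if __name__ == "__main__":
    for name, (ok, why) in run_cases().items():
        print(f"{name:20s} {'ACCEPT' if ok else 'REJECT'}  ({why})")
```

Only the genuine case is accepted; the substituted bytes fail the digest check, the forged manifest fails authentication, and the older build is rejected as a downgrade. The ordering matters: the manifest is authenticated before anything in it is trusted, because a man-on-the-side attacker who can race the update response can just as easily race the manifest response.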
"Man-on-the-side-attacks are extremely destructive, as the only condition needed to attack a device is for it to be connected to the internet. Even if the attack fails the first time, attackers can repeat the process over and over again until they succeed," explained Kaspersky senior security researcher Suguru Ishimaru.
Targeting Korean and Japanese organizations since at least 2014, LuoYu is also known for attacking foreign diplomatic organizations in China, the academic community, and organizations from multiple industry sectors, including defense and telecommunications.
Besides targeting Windows devices using WinDealer, this lesser-known hacking group has previously been observed attacking macOS, Linux, and Android devices with Demsty and SpyDealer malware.
"LuoYu is an extremely sophisticated threat actor able to leverage functionality available only to the most mature attackers. We can only speculate as to how they were able to develop such capabilities," Ishimaru added.