Security News > 2022 > June > Chinese LuoYu hackers deploy cyber-espionage malware via app updates
A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks.
LuoYu has switched to abusing the automatic update mechanism of their victims' apps after previously pushing malware in easier to pull-off watering-hole attacks where they would use compromised local news sites as infection vectors.
"Man-on-the-side-attacks are extremely destructive, as the only condition needed to attack a device is for it to be connected to the internet. Even if the attack fails the first time, attackers can repeat the process over and over again until they succeed," explained Kaspersky senior security researcher Suguru Ishimaru.
Targeting Korean and Japanese organizations since at least 2014, LuoYu is also known for attacking foreign diplomatic organizations in China, the academic community, and organizations from multiple industry sectors, including defense and telecommunications.
Besides targeting Windows devices using WinDealer, this lesser-known hacking group has previously been observed attacking macOS, Linux, and Android devices with Demsty and SpyDealer malware.
"LuoYu is an extremely sophisticated threat actor able to leverage functionality available only to the most mature attackers. We can only speculate as to how they were able to develop such capabilities," Ishimaru added.
News URL
Related news
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)