Security News > 2022 > June > Chinese LuoYu hackers deploy cyber-espionage malware via app updates
A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks.
LuoYu has switched to abusing the automatic update mechanism of their victims' apps after previously pushing malware in easier to pull-off watering-hole attacks where they would use compromised local news sites as infection vectors.
"Man-on-the-side-attacks are extremely destructive, as the only condition needed to attack a device is for it to be connected to the internet. Even if the attack fails the first time, attackers can repeat the process over and over again until they succeed," explained Kaspersky senior security researcher Suguru Ishimaru.
Targeting Korean and Japanese organizations since at least 2014, LuoYu is also known for attacking foreign diplomatic organizations in China, the academic community, and organizations from multiple industry sectors, including defense and telecommunications.
Besides targeting Windows devices using WinDealer, this lesser-known hacking group has previously been observed attacking macOS, Linux, and Android devices with Demsty and SpyDealer malware.
"LuoYu is an extremely sophisticated threat actor able to leverage functionality available only to the most mature attackers. We can only speculate as to how they were able to develop such capabilities," Ishimaru added.
News URL
Related news
- U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation (source)
- Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- South Korean Citizen Detained in Russia on Cyber Espionage Charges (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)