Chinese hackers target script kiddies with info-stealer trojan (Security News, June 2022)
Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.
The trojan is bundled in a greyware tool named 'SMS Bomber,' which is used for denial-of-service attacks against phones, flooding them with messages.
The infection begins with downloading a malicious version of SMS Bomber, which contains the tool's binary and standard functionality.
The downloaded executable is actually the 'Nimbda' loader, which uses the SMS Bomber icon, and contains SMS Bomber as an embedded executable.
Check Point identifies it as 'TClient,' a backdoor Tropic Trooper used in past campaigns.
Trojanizing 'SMS Bomb' indicates precise, narrow targeting, so it's likely a decision based on intelligence collected during preceding espionage.