Security News > 2022 > June > Chinese hackers target script kiddies with info-stealer trojan

Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.
The trojan is bundled in a greyware tool named 'SMS Bomber,' which is used for denial of service attacks against phones, flooding them with messages.
The infection begins with downloading a malicious version of SMS Bomber, which contains the tool's binary and standard functionality.
The downloaded executable is actually the 'Nimbda' loader, which uses the SMS Bomber icon, and contains SMS Bomber as an embedded executable.
Check Point identifies it as 'TClient,' a backdoor Tropic Trooper used in past campaigns.
Trojanizing' SMS Bomb' indicates precise, narrow targeting, so it's likely a decision based on intelligence collected during preceding espionage.
News URL
Related news
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)