Chinese hackers target script kiddies with info-stealer trojan

Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.
The trojan is bundled in a greyware tool named 'SMS Bomber,' which is used for denial of service attacks against phones, flooding them with messages.
The infection begins with downloading a malicious version of SMS Bomber, which contains the tool's binary and standard functionality.
The downloaded executable is actually the 'Nimbda' loader, which uses the SMS Bomber icon, and contains SMS Bomber as an embedded executable.
Check Point identifies it as 'TClient,' a backdoor Tropic Trooper used in past campaigns.
Trojanizing 'SMS Bomb' indicates precise, narrow targeting, so it's likely a decision based on intelligence collected during preceding espionage.