Security News > 2022 > June > Chinese hackers target script kiddies with info-stealer trojan
Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.
The trojan is bundled in a greyware tool named 'SMS Bomber,' which is used for denial of service attacks against phones, flooding them with messages.
The infection begins with downloading a malicious version of SMS Bomber, which contains the tool's binary and standard functionality.
The downloaded executable is actually the 'Nimbda' loader, which uses the SMS Bomber icon, and contains SMS Bomber as an embedded executable.
Check Point identifies it as 'TClient,' a backdoor Tropic Trooper used in past campaigns.
Trojanizing' SMS Bomb' indicates precise, narrow targeting, so it's likely a decision based on intelligence collected during preceding espionage.
News URL
Related news
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)
- U.S. org suffered four month intrusion by Chinese hackers (source)
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- Chinese hackers also breached Charter and Windstream networks (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)