Security News > 2022 > June > Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside
2022-06-23 20:09

The novel loader, dubbed Nimbda, is "Bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity company Check Point said in a report.

"Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes," the researchers said.

SMS Bomber, as the name indicates, allows a user to input a phone number so as to flood the victim's device with messages and potentially render it unusable in what's a denial-of-service attack.

The fact that the binary doubles up as SMS Bomber and a backdoor suggests that the attacks are not just aimed at those who are users of the tool - a "Rather unorthodox target" - but also highly targeted in nature.

The latest attack chain documented by Check Point begins with the tampered SMS Bomber tool, the Nimbda loader, which launches an embedded executable, in this case the legitimate SMS bomber payload, while also also injecting a separate piece of shellcode into a notepad.exe process.

"Usually, when third-party benign tools are hand-picked to be inserted into an infection chain, they are chosen to be the least conspicuous possible; the choice of an 'SMS Bomber' tool for this purpose is unsettling, and tells a whole story the moment one dares to extrapolate a motive and an intended victim."

News URL