Security News > 2022 > June > Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside
The novel loader, dubbed Nimbda, is "Bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity company Check Point said in a report.
"Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes," the researchers said.
SMS Bomber, as the name indicates, allows a user to input a phone number so as to flood the victim's device with messages and potentially render it unusable in what's a denial-of-service attack.
The fact that the binary doubles up as SMS Bomber and a backdoor suggests that the attacks are not just aimed at those who are users of the tool - a "Rather unorthodox target" - but also highly targeted in nature.
The latest attack chain documented by Check Point begins with the tampered SMS Bomber tool, the Nimbda loader, which launches an embedded executable, in this case the legitimate SMS bomber payload, while also also injecting a separate piece of shellcode into a notepad.exe process.
"Usually, when third-party benign tools are hand-picked to be inserted into an infection chain, they are chosen to be the least conspicuous possible; the choice of an 'SMS Bomber' tool for this purpose is unsettling, and tells a whole story the moment one dares to extrapolate a motive and an intended victim."
- Chinese LuoYu hackers deploy cyber-espionage malware via app updates (source)
- Chinese 'Gallium' Hackers Using New PingPull Malware in Cyberespionage Attacks (source)
- Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector (source)
- Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies (source)
- Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware (source)
- Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers (source)
- Hackers are now hiding malware in Windows Event Logs (source)
- To predict the targets of Chinese malware, look at the target of Chinese laws (source)
- Hackers Trick Users with Fake Windows 11 Downloads to Distribute Vidar Malware (source)
- Chinese "Twisted Panda" Hackers Caught Spying on Russian Defense Institutes (source)