Security News > 2022 > August > Chinese hackers backdoor chat app with new Linux, macOS malware
Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems.
SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.
They discovered this after noticing unusual connections to this app while analyzing command-and-control infrastructure for the HyperBro remote access trojan malware linked to the APT27 Chinese-backed threat group.
TrendMicro also reported detecting the same campaign and said it found old trojanized versions of MiMi targeting Linux and Windows, with the oldest Linux rshell sample in June 2021 and the first victim being reported back in mid-July 2021.
Once launched, the malware will harvest and send system information to its C2 server and wait for commands from the APT27 threat actors.
Since March 2021, the group has been breaching and infecting servers running vulnerable Zoho AdSelf Service Plus software-a password management solution for cloud apps and Active Directory-with several malware strains, including the HyperBro RAT. These attacks compromised at least nine entities from critical sectors worldwide, including defense, healthcare, energy, and technology.
News URL
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)