Security News > 2022 > August > Chinese hackers backdoor chat app with new Linux, macOS malware
Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems.
SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.
They discovered this after noticing unusual connections to this app while analyzing command-and-control infrastructure for the HyperBro remote access trojan malware linked to the APT27 Chinese-backed threat group.
TrendMicro also reported detecting the same campaign and said it found old trojanized versions of MiMi targeting Linux and Windows, with the oldest Linux rshell sample in June 2021 and the first victim being reported back in mid-July 2021.
Once launched, the malware will harvest and send system information to its C2 server and wait for commands from the APT27 threat actors.
Since March 2021, the group has been breaching and infecting servers running vulnerable Zoho AdSelf Service Plus software-a password management solution for cloud apps and Active Directory-with several malware strains, including the HyperBro RAT. These attacks compromised at least nine entities from critical sectors worldwide, including defense, healthcare, energy, and technology.
News URL
Related news
- Chinese hackers use new data theft malware in govt attacks (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese hackers linked to cybercrime syndicate arrested in Singapore (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (source)