Chinese hackers backdoor chat app with new Linux, macOS malware (Security News, August 2022)

Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems.
SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.
They discovered this after noticing unusual connections to this app while analyzing command-and-control infrastructure for the HyperBro remote access trojan malware linked to the APT27 Chinese-backed threat group.
Trend Micro also reported detecting the same campaign and said it found older trojanized versions of MiMi targeting Linux and Windows, with the oldest Linux rshell sample dating from June 2021 and the first victim reported back in mid-July 2021.
Once launched, the malware will harvest and send system information to its C2 server and wait for commands from the APT27 threat actors.
Since March 2021, the group has been breaching and infecting servers running vulnerable Zoho ADSelfService Plus software (a password management solution for cloud apps and Active Directory) with several malware strains, including the HyperBro RAT. These attacks compromised at least nine entities from critical sectors worldwide, including defense, healthcare, energy, and technology.