Security News > 2022 > August > Chinese hackers backdoor chat app with new Linux, macOS malware
Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor that can be used to steal data from Linux and macOS systems.
SEKOIA's Threat & Detection Research Team says that the app's macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.
They discovered this after noticing unusual connections to this app while analyzing command-and-control infrastructure for the HyperBro remote access trojan malware linked to the APT27 Chinese-backed threat group.
TrendMicro also reported detecting the same campaign and said it found old trojanized versions of MiMi targeting Linux and Windows, with the oldest Linux rshell sample in June 2021 and the first victim being reported back in mid-July 2021.
Once launched, the malware will harvest and send system information to its C2 server and wait for commands from the APT27 threat actors.
Since March 2021, the group has been breaching and infecting servers running vulnerable Zoho AdSelf Service Plus software-a password management solution for cloud apps and Active Directory-with several malware strains, including the HyperBro RAT. These attacks compromised at least nine entities from critical sectors worldwide, including defense, healthcare, energy, and technology.
News URL
Related news
- Iranian hackers pose as journalists to push backdoor malware (source)
- Kimsuky hackers deploy new Linux backdoor via trojanized installers (source)
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)
- China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations (source)
- New XZ backdoor scanner detects implant in any Linux binary (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)