Security News > 2022 > October > New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems.
"Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run arbitrary commands," Cisco Talos said in a report shared with The Hacker News.
The discovery of Alchimist and its assorted family of malware implants comes three months after Talos also detailed another self-contained framework known as Manjusaka, which has been touted as the "Chinese sibling of Sliver and Cobalt Strike."
Alchimist C2 panel further features the ability to generate PowerShell and wget code snippets for Windows and Linux, potentially allowing an attacker to flesh out their infection chains to distribute the Insekt RAT payload. The instructions could then be embedded in a maldoc attached to a phishing email that, when opened, downloads and launches the backdoor on the compromised machine.
The trojan, for its part, is equipped with features typically present in backdoors of this kind, enabling the malware to get system information, capture screenshots, run arbitrary commands, and download remote files, among others.
Ssh" directory and even adding new SSH keys to the "~/.ssh/authorized keys" file to facilitate remote access over SSH. But in a sign that the threat actor behind the operation also has macOS in their sights, Talos said it uncovered a Mach-O dropper that exploits the PwnKit vulnerability to achieve privilege escalation.
News URL
https://thehackernews.com/2022/10/new-chinese-malware-attack-framework.html
Related news
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)