Security News > 2023 > April > Tencent QQ users hacked in mysterious malware attack, says ESET
A Chinese APT hacking group known as 'Evasive Panda' is linked to a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.
ESET reports that the malicious MsgBot malware payload was delivered to victims as a Tencent QQ software update from legitimate URLs and IP addresses belonging to the software developer.
This means there can be two possible scenarios for the attack - a supply chain attack or an adversary-in-the-middle attack.
BleepingComputer contacted both ESET and Tencent with further questions about the attack.
Stealing the content of the Tencent QQ database that stores the user's message history.
In conclusion, the Evasive Panda APT was found targeting users in China, aiming to steal data mostly from Chinese apps, leveraging an unclear method to perform a supply chain attack on Tencent QQ software.
News URL
Related news
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)
- SK Telecom warns customer USIM data exposed in malware attack (source)