Security News > 2023 > July > Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg.
"Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value targets with coveted corporate and personal data," Lookout said in a report shared with The Hacker News.
Lookout said it first detected WyrmSpy as early as 2017 and DragonEgg at the start of 2021, with new samples of the latter spotted as recently as April 2023.
"The discovery of WyrmSpy and DragonEgg is a reminder of the growing threat posed by advanced Android malware," Kristina Balaam, a senior threat researcher at Lookout, said.
The findings come as Mandiant disclosed the evolving tactics adopted by Chinese espionage crews to fly under the radar, including weaponizing networking devices and virtualization software, employing botnets to obfuscate traffic between C2 infrastructure and victim environments, and tunneling malicious traffic inside of victim networks through compromised systems.
"Use of botnets, proxying traffic in a compromised network, and targeting edge devices are not new tactics, nor are they unique to Chinese cyber espionage actors," the Google-owned threat intelligence firm said.
News URL
https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html
Related news
- Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers (source)