Security News > 2023 > July > Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware

The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg.

"Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value targets with coveted corporate and personal data," Lookout said in a report shared with The Hacker News.

Lookout said it first detected WyrmSpy as early as 2017 and DragonEgg at the start of 2021, with new samples of the latter spotted as recently as April 2023.

"The discovery of WyrmSpy and DragonEgg is a reminder of the growing threat posed by advanced Android malware," Kristina Balaam, a senior threat researcher at Lookout, said.

The findings come as Mandiant disclosed the evolving tactics adopted by Chinese espionage crews to fly under the radar, including weaponizing networking devices and virtualization software, employing botnets to obfuscate traffic between C2 infrastructure and victim environments, and tunneling malicious traffic inside of victim networks through compromised systems.

"Use of botnets, proxying traffic in a compromised network, and targeting edge devices are not new tactics, nor are they unique to Chinese cyber espionage actors," the Google-owned threat intelligence firm said.

News URL

https://thehackernews.com/2023/07/chinese-apt41-hackers-target-mobile.html