The Cyber Security News

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

June 23, 2022

A threat cluster with ties to a hacking group known as Tropic Trooper has been spotted using a previously undocumented malware written in the Nim language to strike targets as part of a newly discovered campaign.

The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity company Check Point said in a report.

"Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes," the researchers said. "Therefore the entire bundle works as a trojanized binary."


SMS Bomber, as the name implies, allows a user to enter a phone number (not their own) so as to flood the victim's device with messages and potentially render it unusable, in what is effectively a denial-of-service (DoS) attack.


The fact that the binary doubles as SMS Bomber and a backdoor suggests that the attacks are not only aimed at users of the tool (a "rather unorthodox target") but are also highly targeted in nature.

Tropic Trooper, also known by the monikers Earth Centaur, KeyBoy, and Pirate Panda, has a track record of striking targets located in Taiwan, Hong Kong, and the Philippines, mainly focusing on the government, healthcare, transportation, and high-tech industries.

Calling the Chinese-speaking collective "notably sophisticated and well-equipped," Trend Micro last year pointed out the group's ability to evolve its TTPs to stay under the radar and to rely on a broad range of custom tools to compromise its targets.

The latest attack chain documented by Check Point starts with the tampered SMS Bomber tool, the Nimbda loader, which launches an embedded executable, in this case the genuine SMS Bomber payload, while also injecting a separate piece of shellcode into a notepad.exe process.

This kicks off a three-tier infection process that involves downloading a next-stage binary from an obfuscated IP address specified in a markdown file ("EULA.md") hosted in an attacker-controlled GitHub or Gitee repository.
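The two host-observable steps above, shellcode injected into notepad.exe and a follow-on download from a code-hosting site, are the kind of thing a detection engineer would want to catch regardless of the specific loader. The script below is an added example written for this article; it is not Check Point's or The Hacker News' code and it contains no indicators from the campaign. It runs three heuristics over a handful of constructed Sysmon-style events (process creation, CreateRemoteThread, network connection). The file names, PIDs, the assumption that the loader itself spawns notepad.exe, and the choice of raw.githubusercontent.com as the fetch destination are all invented for illustration; the article only states that the next-stage pointer lives in a GitHub or Gitee repository.

```python
"""Host-telemetry heuristics for the injection and download steps described
above. All events are constructed Sysmon-style records for illustration;
they are not telemetry from the actual campaign, and the file names, PIDs
and parent/child relationships are assumptions made for the example."""

from dataclasses import dataclass

# Processes that, in a normal baseline, are neither injection targets nor
# network clients. notepad.exe is the one the article names; extend as needed.
INJECTION_SENSITIVE = {"notepad.exe"}
NO_NETWORK_EXPECTED = {"notepad.exe"}
# Shells and launchers from which an interactive notepad.exe normally starts.
NORMAL_NOTEPAD_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    event_id: int
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events):
    """Run three heuristics over an ordered list of Sysmon-like dict events
    (EventID 1 = ProcessCreate, 8 = CreateRemoteThread, 3 = NetworkConnect)."""
    alerts = []
    injected_pids = set()  # targets of remote-thread injection, for correlation
    for ev in events:
        eid = ev["EventID"]
        if eid == 1:
            image = basename(ev["Image"])
            parent = basename(ev["ParentImage"])
            if image in INJECTION_SENSITIVE and parent not in NORMAL_NOTEPAD_PARENTS:
                alerts.append(Alert("unusual_parent_for_sensitive_process", "low", eid,
                                    f"{parent} spawned {image} (pid {ev['ProcessId']})"))
        elif eid == 8:
            target = basename(ev["TargetImage"])
            if target in INJECTION_SENSITIVE:
                injected_pids.add(ev["TargetProcessId"])
                alerts.append(Alert("remote_thread_into_sensitive_process", "high", eid,
                                    f"{basename(ev['SourceImage'])} -> {target} "
                                    f"(pid {ev['TargetProcessId']})"))
        elif eid == 3:
            image = basename(ev["Image"])
            if image in NO_NETWORK_EXPECTED:
                # A connection from a process we just saw injected is the
                # strongest signal; an unexpected connection alone still needs triage.
                severity = "critical" if ev["ProcessId"] in injected_pids else "medium"
                alerts.append(Alert("network_from_non_network_process", severity, eid,
                                    f"{image} (pid {ev['ProcessId']}) -> "
                                    f"{ev['DestinationHostname']}:{ev['DestinationPort']}"))
    return alerts


# Constructed sample: a downloaded "SMS bomber" spawns notepad.exe, injects a
# thread into it, and the injected notepad.exe reaches out to a code host.
# The final git.exe event is a benign control that must not alert.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\SMSBomber.exe", "ProcessId": 4120,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 4188,
     "ParentImage": r"C:\Users\u\Downloads\SMSBomber.exe"},
    {"EventID": 8, "SourceImage": r"C:\Users\u\Downloads\SMSBomber.exe", "SourceProcessId": 4120,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "TargetProcessId": 4188},
    {"EventID": 3, "Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 4188,
     "DestinationHostname": "raw.githubusercontent.com", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\Git\cmd\git.exe", "ProcessId": 5000,
     "DestinationHostname": "github.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule} (EventID {a.event_id}): {a.detail}")
```

The point of keeping the three rules separate is that each survives the others being evaded: if the loader injects into an existing notepad.exe instead of spawning one, the parent-process rule is silent but the remote-thread and network rules still fire, and the network rule escalates on its own only when the same PID was seen as an injection target. Tune the process sets to your own baseline before deploying; the destination domain is deliberately not matched, because the article does not name the exact host and any code-hosting site is a legitimate destination for developer tooling.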


The retrieved binary is an upgraded version of a trojan named Yahoyah that is designed to gather information about local wireless networks in the victim machine's vicinity, as well as other system metadata, and exfiltrate the details back to a command-and-control (C2) server.

Yahoyah, for its part, also acts as a conduit to fetch the final-stage malware, which is downloaded in the form of an image from the C2 server. The steganographically encoded payload is a backdoor known as TClient that has been deployed by the group in past campaigns.

"The observed activity cluster paints a picture of a focused, determined actor with a clear goal in mind," the researchers concluded.

"Usually, when third-party benign (or benign-appearing) tools are hand-picked to be inserted into an infection chain, they are chosen to be the least conspicuous possible; the choice of an 'SMS Bomber' tool for this purpose is unsettling, and tells a whole story the moment one dares to extrapolate a motive and an intended victim."



Some parts of this article are sourced from:
thehackernews.com
