1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Tencent users targeted by dangerous mobile malware

    From TechnologyDaily@1337:1/100 to All on Thu Apr 27 16:00:04 2023
    Tencent users targeted by dangerous mobile malware

    Date:
    Thu, 27 Apr 2023 14:43:26 +0000

    Description:
    ESET spots a highly targeted, advanced cyber-espionage campaign attacking Tencent users.

    FULL STORY ======================================================================

    Cybersecurity researchers from ESET have detected a highly targeted, advanced cyber-espionage campaign abusing a legitimate Chinese messaging app to
    deliver a potent infostealer.

    In the campaign, a threat actor known as Evasive Panda used an update to the Tencent QQ messaging app to deliver an infostealing malware known as MsgBot.

    MsgBot is capable of many things, including logging keys on specific Tencent apps, stealing files from hard drives and USB disks, monitoring the
    clipboard, grabbing input and output audio streams, stealing passwords for Outlook and Foxmail, as well as the credentials and cookies stored in popular browsers (Chrome, Firefox, Opera, and others). It can also steal message history from the Tencent QQ app, and information from Tencent WeChat. Targeting NGOs

    The attackers did not cast a wide net with this infostealer. In fact, they targeted a handful of people. ESET says that the majority of the targets were members of an international non-government organization (NGO) located in
    three separate Chinese provinces: Gansu, Guangdong, and Jiangsu.

    The group behind the campaign, called Evasive Panda, has allegedly been
    active for more than a decade (since 2012) and has, during that time,
    targeted countless organizations and individuals in China, Hong Kong, Macao, and other countries around Asia. This particular campaign has been active for more than three years, ESET claims, saying it most likely began back in 2020. Read more

    A nasty new infostealer malware is landing in email inboxes


    This new malware has emerged from the dark web and is after your data


    These are the top ID theft protection tools today

    While the researchers know who runs the campaign, who the targets are, and which tools are being used, the how remains a mystery. ESET currently has two possible scenarios of how Evasive Panda infected these endpoints with MsgBot
    - either a supply chain attack or an adversary-in-the-middle attack.

    With a supply chain attack, Evasive Panda would need to infiltrate Tencents network, identify an upcoming update for the Tencent QQ app and infect it
    with malware. In an adversary-in-the-middle attack, the payload would need to be hijacked and trojanized in transit.

    Both scenarios are plausible, ESET says. These are the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/tencent-users-targeted-by-dangerous-mobile-malw are


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)