Tencent users targeted by dangerous mobile malware

A handful of NGO members targeted with an infostealer

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers from ESET have detected a highly targeted, advanced cyber-espionage campaign abusing a legitimate Chinese messaging app to deliver a potent infostealer.

In the campaign, a threat actor known as Evasive Panda used an update to the Tencent QQ messaging app to deliver an infostealingmalwareknown as MsgBot.

MsgBot is capable of many things, including logging keys on specific Tencent apps, stealing files from hard drives and USB disks, monitoring the clipboard, grabbing input and output audio streams, stealing passwords for Outlook and Foxmail, as well as the credentials and cookies stored in popular browsers (Chrome, Firefox, Opera, and others). It can also steal message history from the Tencent QQ app, and information from Tencent WeChat.

Targeting NGOs

The attackers did not cast a wide net with this infostealer. In fact, they targeted a handful of people. ESET says that the majority of the targets were members of an international non-government organization (NGO) located in three separate Chinese provinces: Gansu, Guangdong, and Jiangsu.

The group behind the campaign, called Evasive Panda, has allegedly been active for more than a decade (since 2012) and has, during that time, targeted countless organizations and individuals in China, Hong Kong, Macao, and other countries around Asia. This particular campaign has been active for more than three years, ESET claims, saying it most likely began back in 2020.

A nasty new infostealer malware is landing in email inboxes>This new malware has emerged from the dark web and is after your data>These are the top ID theft protection tools today

While the researchers know who runs the campaign, who the targets are, and which tools are being used, the “how” remains a mystery. ESET currently has two possible scenarios of how Evasive Panda infected these endpoints with MsgBot - either a supply chain attack or an adversary-in-the-middle attack.

With a supply chain attack, Evasive Panda would need to infiltrate Tencent’s network, identify an upcoming update for the Tencent QQ app and infect it with malware. In an adversary-in-the-middle attack, the payload would need to be hijacked and trojanized in transit.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Both scenarios are plausible, ESET says.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)