
LuckyMouse Takes Aim at Windows, Linux Systems via MiMi Chat App

Obanla Opeyemi

August 24, 2022 - TuxCare expert team

According to an advisory published by Trend Micro, the LuckyMouse threat actor compromised the cross-platform messaging app MiMi in order to install backdoors on Windows, macOS and Linux.

Trend Micro explained that the attacker, also tracked as Emissary Panda, APT27, Bronze Union and Iron Tiger, modified the MiMi installer files and used the weaponized version of the chat platform to deliver remote access trojan samples.

Once a victim downloads and runs the trojanized MiMi installer, it fetches and installs the platform-specific payload: the HyperBro remote access trojan (RAT) on Windows, and a backdoor called "rshell" on macOS (delivered as a Mach-O binary) and on Linux.

“While this was not the first time the technique was used, this latest development shows Iron Tiger’s interest in compromising victims using the three major platforms: Windows, Linux and macOS. While we were unable to identify all the targets, these targeting demographics demonstrate a geographical region of interest. Among those targets, we could only identify one of them, a Taiwanese gaming development company,” the Trend Micro advisory states.

In a separate advisory published by the security firm SEKOIA, the Luckymouse MiMi attack was attributed to Chinese actors.

“As this application’s use in China appears low, it is plausible it was developed as a targeted surveillance tool. It is also likely that, following social engineering carried out by the operators, targeted users are encouraged to download this application, purportedly to circumvent Chinese authorities’ censorship,” SEKOIA explained in its advisory.

The sources for this piece include an article in OODALOOP.
