August 24, 2022
linux, Luckymouse, macOS, MiMi
According to an advisory published by Trend Micro, the Luckymouse threat actor is said to have compromised the cross-platform messaging app MiMi to install backdoors on Windows, macOS and Linux.
Trend Micro explained that the attacker, also tracked as Emissary Panda, APT27 and Bronze Union, modifies the installer files and uses the weaponized version of the MiMi chat platform to install remote access trojan samples.
After modifying the installer files, Luckymouse used the weaponized version of MiMi to download and install HyperBro remote access trojan (RAT) samples on Windows and a Mach-O binary called “rshell” on Linux and macOS.
“While this was not the first time the technique was used, this latest development shows Iron Tiger’s interest in compromising victims using the three major platforms: Windows, Linux and macOS. While we were unable to identify all the targets, these targeting demographics demonstrate a geographical region of interest. Among those targets, we could only identify one of them, a Taiwanese gaming development company,” the Trend Micro advisory states.
In a separate advisory published by the security firm SEKOIA, the Luckymouse MiMi attack was attributed to Chinese actors.
“As this application’s use in China appears low, it is plausible it was developed as a targeted surveillance tool. It is also likely that, following social engineering carried out by the operators, targeted users are encouraged to download this application, purportedly to circumvent Chinese authorities’ censorship,” SEKOIA explained in its advisory.
The sources for this piece include an article in OODALOOP.