August 24, 2022 - TuxCare expert team
According to an advisory published by Trend Micro, the Luckymouse threat actor compromised the cross-platform messaging app MiMi to install backdoors on Windows, macOS and Linux.
Trend Micro explained that the attacker, also tracked as Emissary Panda, APT27 and Bronze Union, modifies the app's installer files and uses the weaponized version of the MiMi chat platform to install remote access trojan samples.
After the installer files were modified, the tampered MiMi build would download and install samples of the HyperBro remote access trojan (RAT) on Windows, and a Mach-O binary called “rshell” on Linux and macOS.
“While this was not the first time the technique was used, this latest development shows Iron Tiger’s interest in compromising victims using the three major platforms: Windows, Linux and macOS. While we were unable to identify all the targets, these targeting demographics demonstrate a geographical region of interest. Among those targets, we could only identify one of them, a Taiwanese gaming development company,” Trend Micro Advisory states.
In a separate advisory published by the security firm SEKOIA, the Luckymouse MiMi attack was attributed to Chinese actors.
“As this application’s use in China appears low, it is plausible it was developed as a targeted surveillance tool. It is also likely that, following social engineering carried out by the operators, targeted users are encouraged to download this application, purportedly to circumvent Chinese authorities’ censorship,” SEKOIA explained in its advisory.
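The attack described above hinges on modified installer files: the application on disk no longer matches what the vendor shipped, and an extra payload is dropped alongside it. The defender's counterpart is an integrity check of the installed tree against a known-good manifest of SHA-256 digests. The following is an added example written for this page, not code from TuxCare, Trend Micro or SEKOIA; the file names, the manifest and the tampering it simulates are all constructed for illustration.

```python
"""Detect tampered application files by comparing SHA-256 digests against a
known-good manifest. Added example; the install tree and manifest below are
constructed, not taken from any real product."""
import hashlib
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 hex digest of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare every file under root against manifest {relative_posix_path: sha256}.

    Returns three sorted lists of relative paths:
      modified   - present in both, but the digest differs (patched installer file)
      missing    - listed in the manifest, absent on disk
      unexpected - on disk but not in the manifest (dropped payload)
    """
    found = {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in root.rglob("*")
        if p.is_file()
    }
    modified = sorted(r for r, d in manifest.items() if r in found and found[r] != d)
    missing = sorted(r for r in manifest if r not in found)
    unexpected = sorted(r for r in found if r not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> dict[str, list[str]]:
    """Build a constructed install tree, record its manifest, then simulate the
    two effects the advisory describes: an installer file altered in place and an
    extra binary dropped next to it. Returns the verification result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # constructed pristine files standing in for a vendor's shipped app
        pristine = {
            "app/main.js": b"console.log('chat client');\n",
            "app/config.json": b'{"update_url": "https://example.invalid/"}\n',
        }
        for rel, data in pristine.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        manifest = {rel: sha256_bytes(data) for rel, data in pristine.items()}

        # simulate tampering: a stub appended to main.js and a dropped file
        (root / "app/main.js").write_bytes(pristine["app/main.js"] + b"// injected stub\n")
        (root / "app/loader.bin").write_bytes(b"\x00constructed placeholder\x00")

        return verify_tree(root, manifest)


if __name__ == "__main__":
    result = demo()
    for kind, paths in result.items():
        print(f"{kind}: {paths}")
```

In practice the manifest comes from the vendor's signed release metadata or from a baseline you record at deployment time, stored somewhere the application itself cannot rewrite; a check that reads the manifest from the same directory it is verifying can be silenced by the same tampering it is meant to catch.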
The sources for this piece include an article in OODALOOP.