IT Security Guru
Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

by Guru Writer
June 23, 2022
in Cyber Bites

Israeli cybersecurity company Check Point said in a report that it had found a threat cluster, tied to the hacking group Tropic Trooper, which had been spotted using previously undocumented malware written in the Nim language.

Tropic Trooper, also known by the monikers Earth Centaur, KeyBoy, and Pirate Panda, has a track record of striking targets located in Taiwan, Hong Kong, and the Philippines, primarily focusing on government, healthcare, transportation, and high-tech industries.

The novel malware, dubbed Nimbda, is “bundled with a Chinese language greyware ‘SMS Bomber’ tool that is most likely illegally distributed in the Chinese-speaking web” and is being used to strike targets as part of a newly discovered campaign.

“Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes,” the researchers said. “Therefore the entire bundle works as a trojanized binary.”

An SMS bomber is a tool that, as the name suggests, renders a phone number unusable by flooding it with a barrage of messages, a form of denial of service.

The latest attack began with the tampered SMS Bomber tool, which launched an embedded executable while also injecting a separate piece of shellcode into a notepad.exe process.

This initial step kicks off an infection process in which the injected code downloads a next-stage binary from an obfuscated IP address specified in a markdown file hosted in an attacker-controlled GitHub or Gitee repository.

The retrieved binary is an upgraded version of a trojan named Yahoyah that’s designed to collect information about local wireless networks in the victim machine’s vicinity as well as other system metadata and exfiltrate the details back to a command-and-control (C2) server.
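From a detection standpoint, two things in that chain stand out: notepad.exe has no reason to open network connections, and a process that first fetches a file from GitHub or Gitee and then contacts a bare IP address deserves a look. The Python below is an added example, not code from Check Point's report; it runs those two heuristics over a constructed pipe-delimited log modelled on Sysmon network-connection events (the log format, process IDs, hostnames and IP addresses are all assumed for illustration).

```python
import re

# Constructed Sysmon-style events (not real telemetry), event_id|pid|image|dest,
# modelled on the chain above: shellcode injected into notepad.exe fetches a
# markdown file from a code-hosting site, then reaches a bare IP for stage two.
SAMPLE_LOG = """\
1|4120|C:\\Users\\u\\Downloads\\SMSBomber.exe|-
3|4120|C:\\Users\\u\\Downloads\\SMSBomber.exe|api.sms-service.test
3|5012|C:\\Windows\\System32\\notepad.exe|raw.githubusercontent.com
3|5012|C:\\Windows\\System32\\notepad.exe|203.0.113.7
3|2288|C:\\Program Files\\Git\\cmd\\git.exe|github.com
"""

# Hosts the article names as stage-two pointers, plus raw.githubusercontent.com,
# where GitHub serves raw file contents (assumption: tune for your environment).
REPO_HOSTS = {"github.com", "raw.githubusercontent.com", "gitee.com"}
NO_NETWORK_EXPECTED = {"notepad.exe"}  # should never open sockets on a workstation
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_events(text):
    """Split the pipe-separated log into dicts; the image is reduced to its basename."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event_id, pid, image, dest = line.split("|")
            events.append({"event_id": int(event_id), "pid": int(pid),
                           "image": image.rsplit("\\", 1)[-1].lower(), "dest": dest})
    return events

def analyse(events):
    """Return (rule, pid, image, dest) findings for the two heuristics."""
    findings = []
    fetched_repo = set()  # pids that already contacted a code-hosting site
    for ev in events:
        if ev["event_id"] != 3:  # only network-connection events matter here
            continue
        if ev["image"] in NO_NETWORK_EXPECTED:
            findings.append(("unexpected_network", ev["pid"], ev["image"], ev["dest"]))
        if ev["dest"] in REPO_HOSTS:
            fetched_repo.add(ev["pid"])
        elif BARE_IP.match(ev["dest"]) and ev["pid"] in fetched_repo:
            findings.append(("repo_then_bare_ip", ev["pid"], ev["image"], ev["dest"]))
    return findings

def scan(text=SAMPLE_LOG):
    return analyse(parse_events(text))
```

The legitimate git.exe connection to github.com produces no finding because it is never followed by a bare-IP connection from the same process, which is the point of pairing the two observations rather than alerting on code-hosting traffic alone.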

“The observed activity cluster paints a picture of a focused, determined actor with a clear goal in mind,” the researchers concluded.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic