Israeli cybersecurity company Check Point said in a report that it had found a threat cluster, tied to the hacking group Tropic Trooper, that had been spotted using a previously undocumented malware written in the Nim language.

Tropic Trooper, also known by the monikers Earth Centaur, KeyBoy, and Pirate Panda, has a track record of striking targets located in Taiwan, Hong Kong, and the Philippines, primarily focusing on government, healthcare, transportation, and high-tech industries.

The novel malware, dubbed Nimbda, is “bundled with a Chinese language greyware ‘SMS Bomber’ tool that is most likely illegally distributed in the Chinese-speaking web” and is being used to strike targets as part of a newly discovered campaign.

“Whoever crafted the Nim loader took special care to give it the same executable icon as the SMS Bomber that it drops and executes,” the researchers said. “Therefore the entire bundle works as a trojanized binary.”

An SMS bomber is a tool that, as the name suggests, renders a phone number unusable by flooding it with a barrage of messages, a form of denial-of-service (DoS) attack.

The latest attack began with the tampered SMS Bomber tool, which launched an embedded executable while also injecting a separate piece of shellcode into a notepad.exe process.

This initial attack kicks off an infection process in which the infected program downloads a next-stage binary from an obfuscated IP address specified in a markdown file hosted in an attacker-controlled GitHub or Gitee repository.

The retrieved binary is an upgraded version of a trojan named Yahoyah that’s designed to collect information about local wireless networks in the victim machine’s vicinity as well as other system metadata and exfiltrate the details back to a command-and-control (C2) server.
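The chain described above gives defenders two observables: a process that normally never talks to the network (notepad.exe, the injection target) reaching out to a public code-hosting service, and the same process then contacting a second, non-code-host address for the next stage. The following is an added detection example, not code from Check Point or from the report; the event line format, process IDs, paths and remote addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample connection telemetry (not from the report), one event per
# line in the assumed form "<pid> <image path> -> <remote host>:<port>".
SAMPLE_EVENTS = """\
4120 C:\\Windows\\System32\\notepad.exe -> raw.githubusercontent.com:443
4120 C:\\Windows\\System32\\notepad.exe -> 203.0.113.45:8080
1520 C:\\Program Files\\Mozilla Firefox\\firefox.exe -> gitee.com:443
2231 C:\\Windows\\System32\\notepad.exe -> gitee.com:443
"""

# Images that have no legitimate reason to open outbound connections.
NON_NETWORK_IMAGES = {"notepad.exe"}
# Code-hosting services the report says were used to stage the next-stage address.
CODE_HOSTS = {"github.com", "raw.githubusercontent.com", "gitee.com"}

EVENT_RE = re.compile(r"^(\d+)\s+(.+?)\s+->\s+([^:\s]+):(\d+)$")


@dataclass(frozen=True)
class Alert:
    pid: int
    image: str
    remote: str
    reason: str


def detect(events: str) -> list[Alert]:
    """Flag outbound connections from images that should never make any."""
    alerts = []
    for line in events.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip malformed telemetry rather than crash
        pid, path, host, port = m.groups()
        image = path.rsplit("\\", 1)[-1].lower()
        if image not in NON_NETWORK_IMAGES:
            continue
        reason = "code-host beacon" if host.lower() in CODE_HOSTS else "unexpected outbound"
        alerts.append(Alert(int(pid), image, f"{host}:{port}", reason))
    return alerts


def staged_download_pids(alerts: list[Alert]) -> set[int]:
    """PIDs that both fetched from a code host and then contacted another address,
    the two-step pattern (markdown on GitHub/Gitee, then next-stage download)."""
    beacons = {a.pid for a in alerts if a.reason == "code-host beacon"}
    others = {a.pid for a in alerts if a.reason == "unexpected outbound"}
    return beacons & others
```

The code-host lookup is only a hint, since a browser contacting GitHub is normal; the strong signal is the combination of an image that should be silent with the two-step fetch pattern.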

“The observed activity cluster paints a picture of a focused, determined actor with a clear goal in mind,” the researchers concluded.


The post Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside appeared first on IT Security Guru.

