An advanced persistent threat (APT) group from China, known as Evasive Panda, has been discovered to be hijacking legitimate software update channels of Chinese-developed applications to deliver custom malware to individuals in China and Nigeria for cyber-espionage purposes. Researchers from Eset discovered that when performing automated updates, a legitimate application software component downloaded MgBot backdoor installers from legitimate URLs and IP addresses. The modular malware allows Evasive Panda to spy on victims and enhance its capabilities on the go.
The APT group’s activity was fairly easy to attribute to Evasive Panda as researchers have never observed any other threat actors using the MgBot backdoor. The attacks have been ongoing for two years, and the primary goal is to steal credentials and data for espionage purposes. This is another example of state-sponsored actors’ increasing sophistication and persistence in cyberspace.
Using legitimate software update channels is a clever technique employed by the group to avoid detection by traditional security measures. Once the malware is delivered through the update, it can operate in the background undetected, and the APT group can exfiltrate sensitive information from the victim’s device.
This discovery highlights the importance of maintaining a secure software supply chain and the need for constant vigilance in monitoring the activit
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: