A Chinese instant messaging app called "MiMi" has been trojanized to deliver a new backdoor called "rshell" that can be used to steal data from Linux and macOS systems. According to SEKOIA's Threat & Detection Research Team, the app's macOS version 2.3.0 has carried the backdoor since May 26, 2022. The malware was attributed to APT27 on the basis of a shared IP address range and overlapping infrastructure, together with the same tradecraft seen before: backdooring a messaging app, as in Operation StealthyTrident, and packing the malicious code with the Dean Edwards JavaScript packer. At this point, SEKOIA does not know what the goal of this campaign is. Because the app does not appear to be widely used in China, the researchers assess that it was most likely modified to spy on specific, targeted individuals.