Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

Chinese Hacking Group Delivers Malware Through Legitimate Apps

Tyler Cross
Tyler Cross
Tyler Cross Tyler Cross

Researchers at ESET, a respected cybersecurity company, found that malware was being delivered to Chinese citizens through legitimate companies.

Hackers were able to exploit the backdoors of several Chinese companies in order to slip malware into regular software updates. The researchers have strong confidence that the Chinese hacking group, Evasive Panda, is behind the attack. ESET found that the malware was delivered through the use of the MGBot backdoor, the signature backdoor used by Evasive Panda.

“Evasive Panda uses a custom backdoor known as MgBot, which was publicly documented in 2014 and has seen little evolution since then; to the best of our knowledge, the backdoor has not been used by any other group.” said ESET, before asserting that it was Evasive Panda with “high confidence.”

The hacker group has been around since at least 2012 and operates under multiple aliases, like Daggerfly and BRONZE HIGHLAND. Its go-to method of attack is to implement its own custom framework into vulnerable systems that allows the group to insert its MgBot back door and deploy malware on victims’ machines.

“ESET Research has observed the group conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria,” ESET reported. “Government entities were targeted in China, Macao, and Southeast and East Asian countries, specifically Myanmar, the Philippines, Taiwan, and Vietnam, while other organizations in China and Hong Kong were also targeted.”

This time, the researchers discovered a broader malware campaign going back to 2020, when Malwarebytes released a report detailing the MgBot being used. However, they aren’t sure if the attacks were done via a supply chain attack or compromised internet infrastructure.

What they do know is that the malware spied on Chinese citizens by stealing credentials and sensitive information, including your name, phone number, and even financial information.

If you’ve recently downloaded software updates, be sure to scan your machine with a quality antivirus to make sure no malicious files have been slipped in.

About the Author
Tyler Cross
Tyler Cross
Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."