FlagThis

CyberSecurity updates
2025-01-31 06:27:50 Pacfic
do son @ Malware Archives
MOONSHINE Exploit Kit and DarkNimbus Backdoor - 24d
Read more: securityonline.info

Cybersecurity researchers at Trend Micro have uncovered a sophisticated cyberattack campaign targeting the Uyghur and Tibetan communities. The threat actor, known as Earth Minotaur, utilizes the MOONSHINE exploit kit, an advanced tool updated since its initial discovery in 2019, to exploit vulnerabilities in Android messaging applications. This leads to the installation of the DarkNimbus Android backdoor, allowing for extensive surveillance of victims' devices. MOONSHINE targets vulnerabilities in Chromium-based browsers and applications within messaging apps, highlighting the importance of regular software updates for users.

The DarkNimbus backdoor, also found in a Windows version, enables long-term data exfiltration and control. Earth Minotaur employs social engineering tactics, sending carefully crafted messages via instant messaging apps to lure victims into clicking malicious links disguised as innocuous content, such as China-related announcements or videos. At least 55 MOONSHINE servers have been identified, indicating the scale of this operation. The researchers emphasize that the campaign's cross-platform capabilities and advanced techniques underscore the need for increased cybersecurity awareness and proactive measures to mitigate these threats.

Original img attribution: https://securityonline.info/wp-content/uploads/2024/10/hacker-1952027_1280.jpg
ImgSrc: securityonline.info
References:
  • @VirusBulletin - Trend Micro's Joseph C Chen & Daniel Lunghi investigate a group named Earth Minotaur that used the MOONSHINE exploit kit leading to the DarkNimbus Android backdoor. The MOONSHINE exploit kit targets v - 24d
  • Trend Micro Research, News and Perspectives - Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor - 24d
  • The Hacker News - Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor - 24d
  • Malware Archives ? Cybersecurity News - A sophisticated cyber campaign orchestrated by the threat actor Earth Minotaur has been uncovered by Trend Micro researchers, exposing their reliance on the MOONSHINE exploit kit and a previously unre - 24d

Classification:
  • HashTags: AndroidMalware ExploitKit DarkNimbus
  • Company: Trend Micro
  • Target: Tibetans and Uyghurs
  • Attacker: Earth Minotaur
  • Product: Android messaging apps
  • Feature: messaging apps vulnerabilities
  • Type: Malware
  • Severity: Medium

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.