Tencent users targeted by dangerous mobile malware

News
By published

A handful of NGO members targeted with an infostealer

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Cybersecurity researchers from ESET have detected a highly targeted, advanced cyber-espionage campaign abusing a legitimate Chinese messaging app to deliver a potent infostealer.

In the campaign, a threat actor known as Evasive Panda used an update to the Tencent QQ messaging app to deliver an infostealing malware known as MsgBot.

MsgBot is capable of many things, including logging keys on specific Tencent apps, stealing files from hard drives and USB disks, monitoring the clipboard, grabbing input and output audio streams, stealing passwords for Outlook and Foxmail, as well as the credentials and cookies stored in popular browsers (Chrome, Firefox, Opera, and others). It can also steal message history from the Tencent QQ app, and information from Tencent WeChat.

Targeting NGOs

The attackers did not cast a wide net with this infostealer. In fact, they targeted a handful of people. ESET says that the majority of the targets were members of an international non-government organization (NGO) located in three separate Chinese provinces: Gansu, Guangdong, and Jiangsu. 

The group behind the campaign, called Evasive Panda, has allegedly been active for more than a decade (since 2012) and has, during that time, targeted countless organizations and individuals in China, Hong Kong, Macao, and other countries around Asia. This particular campaign has been active for more than three years, ESET claims, saying it most likely began back in 2020.

Read more

> A nasty new infostealer malware is landing in email inboxes

> This new malware has emerged from the dark web and is after your data

> These are the top ID theft protection tools today

While the researchers know who runs the campaign, who the targets are, and which tools are being used, the “how” remains a mystery. ESET currently has two possible scenarios of how Evasive Panda infected these endpoints with MsgBot - either a supply chain attack or an adversary-in-the-middle attack. 

With a supply chain attack, Evasive Panda would need to infiltrate Tencent’s network, identify an upcoming update for the Tencent QQ app and infect it with malware. In an adversary-in-the-middle attack, the payload would need to be hijacked and trojanized in transit. 

Both scenarios are plausible, ESET says.

Via: BleepingComputer

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
China-linked cyberespionage group PlushDaemon used South Korean VPN service to inject malware
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
QR Code
Hackers are targeting Signal with new QR code-linked cyberattack
China
Chinese hackers develop effective new hacking technique to go after business networks
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Latest in News
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
More about security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Isometric demonstrating multi-factor authentication using a mobile device.

NCSC gets influencers to sing the praises of 2FA
cheap Nintendo Switch game deals sales

Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
See more latest
Most Popular
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
The cast of Black Mirror season 7
Everything new on Netflix in April 2025 – including Black Mirror season 7 and Love on the Spectrum
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does