
22 matches found

The Hacker News
added 2026/03/31 11:46 a.m., 2 views

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferencing tools,...

6 AI score
Exploits 0
The Hacker News
added 2025/09/15 5:47 a.m., 3 views

HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks

Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet...

7.6 AI score
Exploits 0
The Hacker News
added 2024/08/16 11:40 a.m., 60 views

Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics

Chinese-speaking users are the target of an ongoing campaign that distributes a malware known as ValleyRAT. "ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs...

9.3 CVSS, 8.5 AI score, 0.94302 EPSS
Exploits 29
HackRead
added 2024/08/15 5:24 p.m., 14 views

New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack

A sophisticated ValleyRAT campaign is targeting Chinese Windows users. Learn about the malware's multi-stage attack, its ability to…...

7.3 AI score
Exploits 0
The Hacker News
added 2024/07/29 4:56 a.m., 27 views

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

8 AI score
Exploits 0
The Hacker News
added 2024/06/19 10:23 a.m., 21 views

New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0. "The campaign also promotes compromised...

7.2 AI score
Exploits 0
The Hacker News
added 2024/03/15 6:18 a.m., 42 views

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. "The malicio...

7 AI score
Exploits 0
Hive Pro Threat Advisories
added 2024/01/30 1:42 p.m., 12 views

Malicious Google Ads Target Chinese Users, Covertly Delivering RATs

Summary: Chinese-speaking users are being targeted in an ongoing malvertising campaign that leverages Google ads. The threat actor employs Google advertiser accounts to create deceptive ads that lure users into downloading Remote Administration Trojans (RATs). The malicious ads are designed to mimi...

7.1 AI score
Exploits 0
The Hacker News
added 2024/01/26 9:44 a.m., 26 views

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will...

7 AI score
Exploits 0
Malwarebytes
added 2024/01/25 9:9 p.m., 22 views

Malicious ads for restricted messaging applications target Chinese users

An ongoing campaign of malicious ads has been targeting Chinese-speaking users with lures for popular messaging applications such as Telegram or LINE with the intent of dropping malware. Interestingly, software like Telegram is heavily restricted and was previously banned in China. Many Google...

7.4 AI score
Exploits 0
Hive Pro Threat Advisories
added 2023/05/17 6:50 a.m., 21 views

Water Orthrus Targets Chinese Users with CopperStealth and CopperPhish

Summary: Water Orthrus has recently launched two new campaigns, CopperStealth and CopperPhish, where CopperStealth employs rootkit techniques, while CopperPhish globally distributes a phishing kit through PPI...

6.9 AI score
Exploits 0
Wired Threat Level
added 2022/10/08 1:0 p.m., 11 views

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more...

4.2 AI score
Exploits 0
The Hacker News
added 2022/03/25 9:31 a.m., 19 views

Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by...

6.5 AI score
Exploits 0
The Hacker News
added 2018/02/28 4:3 p.m., 57 views

Apple Moves iCloud Data and Encryption Keys for Chinese Users to China

Apple has finally agreed to open a new Chinese data center next month to comply with the country's latest controversial data protection law. Apple will now move the cryptographic keys of its Chinese iCloud users in data centers run by a state-owned company called Cloud Big Data Industrial...

6.3 AI score
Exploits 0
FireEye
added 2016/10/20 12:0 p.m., 14 views

Rotten Apples: Resurgence

In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...

6.7 AI score
Exploits 0, References 6
ThreatPost
added 2016/09/14 3:59 p.m., 11 views

DualToy Windows Trojan Attacks Android, iOS Devices

A Windows Trojan called DualToy has been discovered that can side load malicious apps onto Android and iOS devices via a USB connection from an infected computer. Researchers from Palo Alto Networks said DualToy has been in existence since January 2015, and it originally was limited to installing...

2.6 AI score
Exploits 0, References 4
The Hacker News
added 2013/03/23 5:19 p.m., 11 views

Canonical to create UbuntuKylin OS for Chinese users

Canonical, the software company that manages and funds Ubuntu, announced to develop a new, open-source operating system customized especially for Chinese users called 'UbuntuKylin OS'. According to the BBC, Chinese government and Canonical partner to launch its home grown operating system. China...

6.7 AI score
Exploits 0
ThreatPost
added 2013/01/31 1:45 a.m., 7 views

Mobile Malware Dubbed 'Bill Shocker' Targets Chinese Android Users

A new bit of malware is targeting popular apps on Android mobile devices to spew costly spam. Beijing- and Dallas-based NQ Mobile said at least 600,000 Chinese users have been hit with the malicious code named “Bill Shocker” (a.expense.Extension.a) because it runs up the bills of infected users whi...

0.2 AI score
Exploits 0, References 1
0day.today
added 2008/06/17 12:0 a.m., 19 views

P2P Foxy Out of Memory Denial of Service Exploit

Exploit for unknown platform in category dos / poc. P2P Foxy Out of Memory Denial of Service Exploit. P2P Foxy Out of memory Exploit Vulnerability Discovered by Styxosaurus Styxosaurus at gmail dot com...

7 AI score
Exploits 0
exploitpack
added 2008/06/17 12:0 a.m., 18 views

P2P Foxy - Out of Memory Denial of Service

P2P Foxy - Out of Memory Denial of Service P2P Foxy Out of memory Exploit Vulnerability Discovered by Styxosaurus Styxosaurus at gmail dot com Foxy is one of the most popular P2P software in Chinese users http://tw.gofoxy.net/ It starts to request more memory and freeze as when "&fs=" meet some...

0.8 AI score
Exploits 0