Software updates leveraged for MgBot malware distribution

SecurityWeek reports that China-based members of an international non-governmental organization have been targeted by the Chinese advanced persistent threat group Evasive Panda, also known as Daggerfly and Bronze Highland, with the MgBot backdoor, which was distributed through updates of legitimate Chinese software. According to a report from ESET, Evasive Panda may have either compromised the update servers of Tencent's QQ app in a supply chain attack or carried out adversary-in-the-middle intrusions to deliver the MgBot backdoor. MgBot's plugins target widely used Tencent apps, including QQ, QQBrowser, WeChat, and Foxmail. Aside from logging keystrokes and recording audio, MgBot can also exfiltrate app credentials, clipboard content, and browser cookies. "With access to ISP backbone infrastructure through legal or illegal means Evasive Panda would be able to intercept and reply to the update requests performed via HTTP, or even modify packets on the fly," said ESET.
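The scenario ESET describes, an on-path attacker answering or rewriting plaintext HTTP update requests, is only possible when the update client accepts whatever bytes arrive. The added example below (written for this page, not code from SC Media, ESET, or Tencent) shows the client-side control that defeats it: a manifest whose package digest is signed with a vendor key pinned in the client, verified with Go's standard-library Ed25519. The manifest format, function names, and the "vendor" and "attacker" keys are constructed for illustration; the two failure paths model a package modified in transit and a manifest re-signed by someone who does not hold the vendor key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdateManifest is a hypothetical signed manifest fetched alongside the package.
// The vendor signs (version, package digest); modifying the package in transit
// breaks the digest, and re-signing the manifest requires the vendor's private key.
type UpdateManifest struct {
	Version   string
	PkgSHA256 string // hex SHA-256 of the package bytes
	Signature []byte // Ed25519 signature over manifestMessage(Version, PkgSHA256)
}

var (
	ErrBadSignature   = errors.New("manifest signature invalid")
	ErrDigestMismatch = errors.New("package digest does not match manifest")
)

// manifestMessage is the exact byte string that gets signed and verified.
func manifestMessage(version, digestHex string) []byte {
	return []byte(version + "\n" + digestHex)
}

// SignManifest models the vendor's release pipeline (constructed for this example).
func SignManifest(priv ed25519.PrivateKey, version string, pkg []byte) UpdateManifest {
	sum := sha256.Sum256(pkg)
	digestHex := hex.EncodeToString(sum[:])
	return UpdateManifest{
		Version:   version,
		PkgSHA256: digestHex,
		Signature: ed25519.Sign(priv, manifestMessage(version, digestHex)),
	}
}

// VerifyUpdate is the client-side check. The vendor public key is pinned in the
// client binary, so control of the HTTP channel alone cannot produce an update
// that passes both the signature and the digest comparison.
func VerifyUpdate(pub ed25519.PublicKey, m UpdateManifest, pkg []byte) error {
	if !ed25519.Verify(pub, manifestMessage(m.Version, m.PkgSHA256), m.Signature) {
		return ErrBadSignature
	}
	sum := sha256.Sum256(pkg)
	if hex.EncodeToString(sum[:]) != m.PkgSHA256 {
		return ErrDigestMismatch
	}
	return nil
}

// RunScenarios exercises three deliveries against a pinned vendor key:
// the genuine update, a package altered in transit, and a package re-signed
// with a key the vendor never issued. Returns the verification error for each.
func RunScenarios() (genuineErr, tamperedPkgErr, forgedManifestErr error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed, not the vendor's

	genuinePkg := []byte("constructed sample: legitimate update payload v2.0")
	manifest := SignManifest(vendorPriv, "2.0", genuinePkg)

	// 1. Untouched package and manifest: verification succeeds.
	genuineErr = VerifyUpdate(vendorPub, manifest, genuinePkg)

	// 2. Package bytes rewritten on the wire, manifest left alone: digest check fails.
	tamperedPkg := []byte("constructed sample: modified payload with extra code")
	tamperedPkgErr = VerifyUpdate(vendorPub, manifest, tamperedPkg)

	// 3. Attacker also replaces the manifest, signed with their own key: signature check fails.
	forgedManifest := SignManifest(attackerPriv, "2.0", tamperedPkg)
	forgedManifestErr = VerifyUpdate(vendorPub, forgedManifest, tamperedPkg)
	return
}

func main() {
	g, t, f := RunScenarios()
	fmt.Println("genuine update:        ", g)
	fmt.Println("tampered package:      ", t)
	fmt.Println("re-signed by attacker: ", f)
}
```

The order of checks matters: the signature is verified before the digest is compared, so an attacker-supplied manifest is rejected before its digest is ever trusted. Transport security (HTTPS with a validated certificate) is still worth having on top of this, but the pinned signing key is what keeps the update channel safe even when the network path is hostile.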
