Sophisticated malware spread via legitimate software update mechanisms

BleepingComputer reports that organizations and individuals in China, Japan and the UK have been targeted by Blackwood, a newly discovered China-linked cyberespionage operation that delivers the NSPX30 implant through the update mechanisms of legitimate software. According to a report from ESET, Blackwood uses an adversary-in-the-middle position to hijack legitimate update requests from WPS Office, Tencent QQ and Sogou Pinyin and answer them with the NSPX30 backdoor in place of the expected update. NSPX30 is related to other implants descended from the Project Wood backdoor, such as DCM (also known as Dark Specter), but researchers note that it stands out for both its sophisticated multistage architecture and its packet-interception capabilities. Beyond exfiltrating system files, credentials, other files, and hardware and network information, NSPX30 can steal chat logs and contact lists from Telegram, Skype, WeChat, Tencent QQ and other messaging applications, open a reverse shell, and uninstall itself.
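The attack described above works because an in-path adversary can answer an update request with whatever bytes it likes. The one check a client, or a proxy in front of it, can make is whether the payload it received matches a digest pinned from a manifest obtained out of band over TLS, and whether the transport was cleartext at all. The following is an added example, not code from ESET, SC Media or any of the vendors named in the article; the update host, paths, payload bytes and pinned digests are constructed for illustration.

```python
"""Guard against hijacked software updates.

Added example, not code from ESET, SC Media or the vendors named in the
article. It models the check an updater (or a forward proxy) can make:
does the file received match a digest pinned from a manifest fetched over
TLS, and was the transport cleartext? All records below are constructed;
the host name, paths and digests are assumptions for illustration.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

PE_MAGIC = b"MZ"  # DOS header signature of a Windows executable


@dataclass
class UpdateDownload:
    url: str                      # URL the updater requested
    body: bytes                   # bytes the updater actually received
    pinned_sha256: Optional[str]  # digest from a trusted manifest, or None


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def assess(d: UpdateDownload) -> tuple[str, list[str]]:
    """Return ('allow' | 'block', reasons), strictest rule first.

    * pinned digest present and mismatched  -> block (payload substituted)
    * no pinned digest, cleartext transport -> block (anyone in the path
      can swap the payload, which is exactly the Blackwood pattern)
    * no pinned digest over HTTPS           -> allow, noting TLS is the
      only protection
    * pinned digest matches                 -> allow
    """
    reasons: list[str] = []
    scheme = urlparse(d.url).scheme.lower()
    cleartext = scheme != "https"

    if cleartext:
        reasons.append(f"fetched over cleartext {scheme}")
    if d.body[:2] == PE_MAGIC:
        reasons.append("payload is a PE executable")

    if d.pinned_sha256 is not None:
        if sha256_hex(d.body) != d.pinned_sha256.lower():
            reasons.append("sha256 differs from pinned digest")
            return "block", reasons
        reasons.append("sha256 matches pinned digest")
        return "allow", reasons

    reasons.append("no pinned digest available")
    if cleartext:
        return "block", reasons
    reasons.append("relying on TLS alone")
    return "allow", reasons


def triage(downloads: list[UpdateDownload]) -> dict[str, int]:
    """Count verdicts across a batch of observed downloads."""
    counts = {"allow": 0, "block": 0}
    for d in downloads:
        counts[assess(d)[0]] += 1
    return counts


# Constructed sample data: not real binaries and not a real update host.
GENUINE_BODY = PE_MAGIC + b"\x90" * 62 + b"genuine-updater-stub"
TAMPERED_BODY = PE_MAGIC + b"\x90" * 62 + b"injected-backdoor-stub"
GENUINE_DIGEST = sha256_hex(GENUINE_BODY)

SAMPLES = [
    # Expected case: digest matches the value pinned from the manifest.
    UpdateDownload("https://updates.example.invalid/app/setup.exe",
                   GENUINE_BODY, GENUINE_DIGEST),
    # Hijack: same path requested over HTTP, different bytes came back.
    UpdateDownload("http://updates.example.invalid/app/setup.exe",
                   TAMPERED_BODY, GENUINE_DIGEST),
    # Worst case: cleartext transport and nothing to compare against.
    UpdateDownload("http://updates.example.invalid/app/setup.exe",
                   TAMPERED_BODY, None),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, why = assess(sample)
        print(f"{verdict:5s} {sample.url}  ({'; '.join(why)})")
    print(triage(SAMPLES))
```

The digest comparison is only as strong as the channel the manifest came over, so the pinned value must itself be fetched over TLS (or shipped with the installer), never over the same cleartext channel the update uses. The durable fix sits with the vendor: updates served over TLS and signed with a key the client already holds.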
