1. MOONSHINE Exploit Kit:
– Targets Chromium-based browsers and applications that embed a Chromium engine
– Exploits multiple known (already patched) vulnerabilities in that engine
– Specifically targets apps such as Chrome, WeChat, LINE, QQ, and Zalo
2. DarkNimbus Backdoor:
– Cross-platform malware affecting both Android and Windows
– Uses XMPP protocol for command and control
– Capabilities include:
  * Data theft (contacts, messages, browser data)
  * Device surveillance (screenshots, call recording)
  * Remote command execution
  * Access to data from multiple messaging apps
Attack Method:
– Social engineering via messaging apps
– Malicious links leading to 55+ exploit servers
– Falls back to browser-engine downgrade attacks when direct exploitation fails
Geographic Scope:
Affects 17 countries including Australia, Canada, France, Germany, India, Japan, and the US.
Security Implications:
– Sophisticated operation with tooling that continues to evolve
– Infrastructure shared with other threat actors
– Keeping browsers and messaging apps updated is the primary protection, since the kit relies on known vulnerabilities
– Primarily targets specific ethnic communities