The China-linked threat actor Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems.
Trend Micro researchers uncovered a new campaign conducted by the China-linked threat actor Iron Tiger that employed a backdoored version of the cross-platform messaging app MiMi Chat App to infect Windows, Mac, and Linux systems.
Trend Micro experts discovered a server hosting both a HyperBro sample and a malicious Mach-O executable named “rshell.” While HyperBro is a malware family that is associated with APT27 operations, the Mach-O sample appears to be a new malware family targeting the Mac OS platform. The researchers also found samples compiled to infect Linux systems.
The Chinese hackers compromised the installers of the chat application MiMi, and the malicious code they added was used to download and install HyperBro samples on Windows and rshell on Linux and macOS.
This appears to be a supply chain attack because the Iron Tiger APT compromised the server hosting the legitimate installers for the MiMi chat application.