Chinese Malware Delivery Domains: Part III

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

This report details an ongoing campaign by a threat actor operating during Chinese time zone hours, targeting Chinese-speaking individuals and entities globally. Since June 2023, the actor has created over 2,800 domains for malware delivery, primarily targeting Windows systems through fake application download sites and update prompts. The actor has made operational changes, including anti-automation measures, reduced site tracker services, increased server distribution, and more discreet registration details. The campaign uses fake login pages, marketing apps, and cryptocurrency-related apps to distribute malware. The actor's motivations appear to be financially driven, potentially including credential theft, financial theft, and access brokering. The report emphasizes the importance of user awareness, enhanced security measures, and multi-layered defense strategies to counter this persistent threat.

OPENCTI LABELS:

phishing,windows,cryptocurrency,fake-updates
