Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A malicious campaign is targeting Chinese-speaking users by distributing backdoored executables through fake download pages for popular apps like Signal, Line, and Gmail. The attackers use seemingly unrelated domain names and rely on search engine manipulation to lure victims. The malware follows a consistent execution pattern, involving temporary file extraction, process injection, security modifications, and network communications. It exhibits infostealer-like functionality and has been identified as 'MicroClip'. The campaign uses centralized infrastructure hosted on Alibaba servers in Hong Kong. Users are advised to be cautious of unofficial download sites and verify software sources to protect against such threats.
OPENCTI LABELS:
backdoor,infostealer,search engine manipulation,line,chinese-speaking,microclip,gmail,fake download,signal