
Cyber Threat Targets Uyghur and Tibetan Communities Worldwide

Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor, according to a new report from Trend Micro.

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and a previously unreported backdoor called DarkNimbus, which exists in both Android and Windows versions, to facilitate long-term surveillance operations targeting Tibetans and Uyghurs, according to Trend Micro researchers.

“Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a cross-platform threat,” Trend Micro researchers Joseph C Chen and Daniel Lunghi said in an analysis published on December 5, 2024.

Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.

The MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, and its victims are primarily members of Tibetan and Uyghur communities.

The researchers also discovered a previously unreported Android backdoor, DarkNimbus, used by Earth Minotaur; the backdoor also has a Windows version.


MOONSHINE exploits multiple known (already patched) vulnerabilities in Chromium-based browsers and applications, so keeping software up to date is the primary defense against these attacks.

Countries affected by Earth Minotaur’s attacks span Australia, Belgium, Canada, France, Germany, India, Italy, Japan, Nepal, the Netherlands, Norway, Russia, Spain, Switzerland, Taiwan, Turkey, and the U.S.

As an exploit kit, MOONSHINE is known to use various Chrome browser exploits to deploy payloads that siphon sensitive data from compromised devices. In particular, it incorporates code targeting applications such as Google Chrome and Naver, as well as instant messaging apps like LINE, QQ, WeChat, and Zalo that embed an in-app browser.
