216.73.216.86

Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors

· Published 18/02/2025 22:51 · Modified 19/02/2025 09:26

Export JSON

Essential information

Published
18/02/2025 22:51
Modified
19/02/2025 09:26
Tags
2025-02-18 backdoor chinese-speaking fake download gmail infostealer line microclip search engine manipulation signal
Related entities
7 techniques (mitre), 1 malware, 1 others

Description

A malicious campaign is targeting users by distributing backdoored executables through pages for popular apps like , , and . The attackers use seemingly unrelated domain names and rely on to lure victims. The malware follows a consistent execution pattern, involving temporary file extraction, process injection, security modifications, and network communications. It exhibits -like functionality and has been identified as ''. The campaign uses centralized infrastructure hosted on Alibaba servers in Hong Kong. Users are advised to be cautious of unofficial download sites and verify software sources to protect against such threats.

External references