Malware, Phishing, Threat Intelligence

Novel Earth Minotaur hackers’ surveillance operation uncovered

Newly emergent threat operation Earth Minotaur has launched attacks with an updated MOONSHINE exploit kit to compromise Windows and Android devices with the DarkNimbus backdoor as part of a long-term global cyberespionage campaign against Tibetans and Uyghurs, according to The Hacker News.

Earth Minotaur uses instant messaging apps to send messages with malicious links purporting to be Tibetan or Uyghur music and dance-related videos. The links redirect to dozens of MOONSHINE exploit kit servers, which enable the download of a trojanized XWalk version that later executes DarkNimbus, a report from Trend Micro showed. Aside from enabling phone call recording, photo capturing, and shell command execution, DarkNimbus also compromises messages from Skype, WeChat, WhatsApp, and other instant messaging apps by exploiting Android's accessibility services. "MOONSHINE is a toolkit that is still under development and has been shared with multiple threat actors including Earth Minotaur, POISON CARP, UNC5221, and others," said Trend Micro.
