Threat actor Luckymouse has reportedly used a trojanized version of the cross-platform messaging app MiMi to install backdoors on Windows, macOS, and Linux operating systems. The group is also known as Emissary Panda, APT27, and Bronze Union. The news was reported by Trend Micro. According to the report, Luckymouse modifies the installer files and uses the weaponized version of the MiMi chat platform to install remote access trojan samples. Although this technique is not new, it marks the latest development in the threat actor’s interest in compromising victims across the three major operating systems.
Security researchers have identified 13 targets spanning Taiwan and the Philippines. The targets have not been publicly identified; however, the trend demonstrates an interest in the geographical region in which Taiwan and the Philippines are located. One of the targets is a Taiwanese gaming development company, Trend Micro reported. Although the hackers’ motivation is unclear, some security researchers have cautiously attributed the attacks to Chinese threat actors.