This dangerous APT has expanded its skills with some new tools – here’s what we know

  • Mustang Panda upgrades CoolClient backdoor with new rootkit and expanded capabilities
  • New features include clipboard monitoring, proxy credential sniffing, and enhanced plugin ecosystem
  • Updated malware used against governments in Asia and Russia for espionage and data theft

Chinese state-sponsored hackers Mustang Panda have upgraded one of their backdoors with new capabilities, potentially making it even more dangerous than ever.

Security researchers at Kaspersky recently spotted the backdoor, called CoolClient, being used in an attack that deployed a brand-new rootkit.

Mustang Panda is a known threat actor, whose activities align perfectly with Chinese national interests: cyber-espionage, data theft, and persistent access. It has a large arsenal of custom tools, including backdoors, RATs, rootkits, and more – including CoolClient, a backdoor that was first seen in 2022 and is usually deployed as a secondary backdoor, alongside PlugX and LuminousMoth.

Clipboard capture and HTTP proxy credential sniffing

Now, even though the legacy variant was dangerous as it was, Mustang Panda decided to give it a facelift, Kaspersky said.

Originally, CoolClient was able to profile and gather system and user details, and record keystrokes. It allowed Mustang Panda to upload and delete files, run TCP tunneling and reverse-proxy listening, as well as in-memory execution. It featured different persistence mechanisms, UAC bypasses, and DLL sideloading.

Now, it can monitor the clipboard and capture copied contents (for example, passwords picked up from password managers, or cryptocurrency wallet information stored elsewhere) and enables HTTP proxy credential sniffing. It also has an expanded plugin ecosystem, including a remote shell plugin for interactive command execution, a service management plugin, and a more capable file management plugin.

Furthermore, it allows for credential theft via infostealers, as well as the use of legitimate cloud services for quiet exfiltration of stolen data.

Kaspersky said it saw the updated version of the malware used in attacks against government entities in Myanmar, Mongolia, Malaysia, and Pakistan. It was also found on devices belonging to the Russian government, but that should come as no surprise, since China has been seen before trying to spy on its allies and partners.


Read more @ TechRadar
