Versions of ‘MiMi’, a cross-platform instant messenger application focused on the Chinese market, have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.
SEKOIA’s Threat & Detection Research Team says that the app’s macOS 2.3.0 version has been backdoored for almost four months, since May 26, 2022.
They discovered this after noticing unusual connections from this app while analyzing command-and-control (C2) infrastructure for the HyperBro remote access trojan (RAT) linked to the Chinese state-backed threat group APT27.
Source: Bleeping Computer