In June, Terend Micro researchers identified and investigated an unusual security incident involving the installation of two malware families, C6DOOR and GTELAM, on a victim’s host. Trend Micro investigation determined that the malware was delivered through a legitimate input method editor (IME) software, Sogou Zhuyin.
As brief explanation, an IME is a tool that interprets sequences of keystrokes into complex characters for languages not suited to a standard QWERTY keyboard (like many East Asian languages). The software had stopped receiving updates in 2019; in October 2024 attackers took over the lapsed domain name and used it to distribute malicious payloads. Telemetry data indicates that at least several hundred victims were affected, with infections leading to additional post-exploitation activities.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- A new LinkedIn phishing scam is targeting executives online
January 21, 2026
Business executives and IT admins are being targeted by a highly sophisticated phishing attack which doesn’t happen in the email inbox but rather – on LinkedIn. Security researchers ReliaQuest said they saw a new attack that combines legitimate Python pentesting projects, DLL sideloading, and fake job ads, to infect “high-value targets” with remote access trojans ...
- Peruvian Peaks: The digital loan illusion
January 21, 2026
Crossing the Andes, we found ourselves in the digital valleys of Peru, where a new variation of the loan scam awaited us. Much like the schemes in Brazil, these operations played on hope and desperation, luring victims with promises of financial relief. The setup was so convincing that it seemed like help was just within ...
- From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers
January 19, 2026
On December 8, 2025, Koi.ai published their findings about a campaign specifically targeting software developers through weaponized Visual Studio Code extensions. Here, Trend Micro will provide a more in-depth analysis of the multistage delivery of the Evelyn information stealer. Evelyn implements multiple anti-analysis techniques to evade detection in research and sandbox environments. It collects system information ...
- StealC malware control panels could give experts the tools they need to spy on hackers
January 19, 2026
Cybersecurity researchers have managed to break into the web-based control panel for the StealC infostealer and gain valuable information on how the malware operates, and who both the attackers and the victims are. StealC is an immensely popular infostealer malware which first emerged a couple of years ago, and has since become one of the staples ...
- Firefox joins Chrome and Edge as sleeper extensions spy on users
January 19, 2026
A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. Malwarebytes Labs wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track ...
- Newely discovered AMD CPU flaw highlights the risk of running multiple VMs
January 16, 2026
A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines. Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating ...