A new variant of the MgBot malware was discovered earlier this month and is being used by Chinese threat actors to target users in Hong Kong and India. First discovered on 2nd July, the malware masquerades as an archive document from the Indian government. It carries malicious templates that can load and infect your device with a Cobalt Strike variant.
After this, the malware drops, injects, and executes MgBot by exploiting the Windows Application Management service. According to research reports from Malwarebytes, it was also found delivering the same payload in an archive file containing a statement about Hong Kong from Boris Johnson, the British PM.
A security researcher at Malwarebytes also stated that a Chinese state-sponsored actor is behind all this and that the campaign reflects China's ongoing tension with India and Hong Kong.
How Does the Attack Take Place?
The malware also has RAT (remote access trojan) capabilities, which it uses for taking screenshots, logging keystrokes, creating mutexes, manipulating processes as well as files and folders, and much more. The criminals were also found to be using multiple IP addresses to host C&C servers and payloads. Most of the servers used are located in Hong Kong.
Security researchers also believe that MgBot is operated by Chinese threat actors who also carried out the Rancor, APT40, and KeyBoy attacks.
How to Protect Yourself From New Mgbot Malware Variant?
Security procedures are a must to fight malware like MgBot.
Ward off malware like MgBot by following basic hygiene rules.