• Latest
  • Trending
Chinese hackers target script kiddies with info-stealer trojan

Chinese hackers target script kiddies with info-stealer trojan

June 23, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Chinese hackers target script kiddies with info-stealer trojan

by ITECHNEWS
June 23, 2022
in Infosec, Leading Stories
0 0
0
Chinese hackers target script kiddies with info-stealer trojan

Cybersecurity researchers have discovered a new campaign attributed to the Chinese “Tropic Trooper” hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan.

The trojan is bundled in a greyware tool named ‘SMS Bomber,’ which is used for denial of service (DoS) attacks against phones, flooding them with messages. Tools like this are commonly used by “beginner” threat actors who want to launch attacks against sites.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

According to a report by Check Point, the threat actors also demonstrate in-depth cryptographic knowledge, extending the AES specification in a custom implementation.

Attack chain

The infection begins with downloading a malicious version of SMS Bomber, which contains the tool’s binary and standard functionality. However, the download has been modified to include additional code that injects into a notepad.exe process.

The downloaded executable is actually the ‘Nimbda’ loader, which uses the SMS Bomber icon, and contains SMS Bomber as an embedded executable.

The SMS Bomber GUI tool
The SMS Bomber GUI tool (Check Point)

In the background, the loader injects shellcode into the notepad process to reach a GitHub repository, fetch an obfuscated executable, decode it, and then run it via process hollowing in ‘dllhost.exe.’

This payload is the new Yahoyah variant, which collects data about the host and sends it to the C2 server. The information collected by Yahoyah includes the following:

  • local wireless network SSIDs in the victim machine’s vicinity
  • computer name
  • MAC address
  • OS version
  • installed AV products
  • presence of WeChat and Tencent files

The final payload, dropped by the Yahoyah executable, is encoded in a JPG image using steganography. Check Point identifies it as ‘TClient,’ a backdoor Tropic Trooper used in past campaigns.

Complete infection chain
Complete infection chain (Check Point)

Custom AES implementation

The encryption used to wrap Yahoyah is a custom implementation of AES, which performs the inverted sequence of round operations twice; hence Check Point names it AEES.

Curious code snippet seen by Check Point
Odd AES code snippet
​​​​​​​(Check Point)

This doesn’t make encryption stronger but makes analysis of the sample very difficult, discouraging researchers who aren’t determined enough or making their work much more tedious.

“Getting an analyst to go through that entire rigmarole is a cruel and effective feat, especially for the meager cost on the malware author’s side,” comments Check Point.

“They just need the knowledge and self-confidence to mess with the crypto in a way that will not render it nonoperational.”

Peculiar targeting

Tropic Trooper is a sophisticated threat actor focused on espionage, previously seen running phishing campaigns against Russian officials.

Trojanizing’ SMS Bomb’ indicates precise, narrow targeting, so it’s likely a decision based on intelligence collected during preceding espionage.

While the exact targeting scope is unknown, this campaign demonstrates Tropic Trooper’s capability to create any decoy needed for their operations, cryptographic knowledge, and malware development activity.

Source: Bill Toulas
Via: bleepingcomputer
Tags: Chinese hackers target script kiddies with info-stealer trojan
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version