"Chinese Hackers Target Script Kiddies With Info-stealer Trojan"
Researchers at Check Point have discovered a new campaign associated with the Chinese "Tropic Trooper" hacking group, which employs a novel loader known as Nimbda and a new variant of the Yahoyah Trojan. The Trojan is included in a greyware tool called 'SMS Bomber,' which is used to launch denial-of-service (DoS) attacks on phones by flooding them with messages. Such tools are commonly used by novice threat actors who want to launch attacks against websites. According to the researchers, the threat actors also exhibit in-depth cryptographic knowledge, extending the AES specification in a custom implementation. The new Yahoyah variant collects data about the host and sends it to the command-and-control (C2) server. The information collected by Yahoyah includes the SSIDs of local wireless networks in the victim machine's vicinity, the computer name, MAC address, OS version, installed AV products, and the presence of WeChat and Tencent files. This article continues to discuss findings surrounding the Tropic Trooper hacking group's new campaign that employs Nimbda and a new variant of the Yahoyah Trojan.
Bleeping Computer reports "Chinese Hackers Target Script Kiddies With Info-stealer Trojan"