"Tencent QQ Users Hacked in Mysterious Malware Attack, Says ESET"

The Chinese Advanced Persistent Threat (APT) hacking group known as Evasive Panda is linked to an attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app. Since 2012, the cyberespionage group Evasive Panda has targeted organizations and individuals in China, Hong Kong, Macao, Nigeria, and numerous Southeast and East Asian countries. In January 2022, security researchers at ESET discovered the threat actor's most recent campaign, citing evidence that the operation began in 2020. Most of the campaign's victims are members of an international Non-Governmental Organization (NGO) and reside in the provinces of Gansu, Guangdong, and Jiangsu, indicating a highly targeted approach. According to ESET, the malicious MsgBot malware payload was delivered to victims as a Tencent QQ software update from developer-connected URLs and IP addresses. This indicates two possible attack scenarios: a supply chain attack and an adversary-in-the-middle (AITM) attack. This article continues to discuss the Evasive Panda APT group compromising the Tencent QQ messaging app. 

Bleeping Computer reports "Tencent QQ Users Hacked in Mysterious Malware Attack, Says ESET"

Submitted by Anonymous on