Attacks with an updated MOONSHINE exploit kit have been launched by newly emergent threat operation Earth Minotaur to compromise Windows and Android devices with the DarkNimbus backdoor as part of a long-term global cyberespionage campaign against Tibetans and Uyghurs, according to The Hacker News.
Earth Minotaur leverages instant messaging apps to send messages with malicious links purporting to be Tibetan or Uyghur music and dance-related videos, which redirected to dozens of MOONSHINE exploit kit servers that would enable the download of a trojanized XWalk version, which later executes DarkNimbus, a report from Trend Micro showed. Aside from enabling phone call recording, photo capturing, and shell command execution, DarkNimbus also compromises messages from Skype, WeChat, WhatsApp, and other instant messaging apps by exploiting Android’s accessibility services. “MOONSHINE is a toolkit that is still under development and has been shared with multiple threat actors including Earth Minotaur, POISON CARP, UNC5221, and others,” said Trend Micro.
