
Trend Micro Has Patched Bugs Used by Chinese Hackers for Deploying Malware

According to the sources, a DLL hijacking issue that has since been patched in Trend Micro Security was used by a Chinese threat group to side-load malicious DLLs and deliver malware, Trend Micro says. The attackers exploited the fact that security products run with high privileges on Windows to get their own maliciously crafted DLL loaded into memory, enabling them to escalate privileges and execute malware, according to Sentinel Labs.

According to the cybersecurity company, Trend Micro is aware of the research published on May 2, 2022, about a suspected Central Asian-based threat actor known as 'Moshen Dragon', which had deployed malware families intended to hijack several prominent security solutions, including one from Trend Micro.


After analysing the data against its product line, the team determined that only the consumer-focused Trend Micro Security product was affected, and none of its business or enterprise products. The antivirus vendor added that on May 19, 2022, a fix for Trend Micro Security was delivered via Trend Micro's ActiveUpdate (AU), and that any customer with an active internet connection should receive it soon if they have not already.

According to the sources, similar issues in security solutions from Bitdefender, McAfee, Symantec, and Kaspersky were also exploited by the Moshen Dragon group to install Impacket, a Python toolkit built for lateral movement and remote code execution via Windows Management Instrumentation (WMI). Impacket also offers credential-stealing functionality through an open-source tool that records information about password changes occurring in a domain.

The Moshen Dragon operators' final payloads include variants of PlugX and ShadowPad, two backdoors used by various Chinese APTs in recent years. The attackers have used these techniques against Central Asian communications service providers to steal information from as many devices as feasible.
