Luckymouse Uses Compromised MiMi Chat App to Target Windows and Linux Systems

The threat actor Luckymouse (also known as Emissary Panda, APT27, Bronze Union and Iron Tiger) used a trojanized version of the cross-platform messaging app MiMi to backdoor devices across Windows, macOS and Linux operating systems.
The news comes from two different security reports, respectively published by SEKOIA and Trend Micro over the weekend.
After modifying the installer files, Luckymouse had the weaponized version of MiMi download and install samples of the HyperBro remote access trojan (RAT) for the Windows operating system and a Mach-O binary dubbed “rshell” for Linux and macOS.
“While this was not the first time the technique was used, this latest development shows Iron Tiger’s interest in compromising victims using the three major platforms: Windows, Linux and macOS,” read the Trend Micro advisory.
In terms of targets, the security researchers said they found 13 across Taiwan and the Philippines.
“While we were unable to identify all the targets, these targeting demographics demonstrate a geographical region of interest,” Trend Micro wrote. “Among those targets, we could only identify one of them: a Taiwanese gaming development company.”
The SEKOIA advisory, on the other hand, does not assess the hackers’ motivation, but cautiously attributes the Luckymouse MiMi attacks to Chinese threat actors.
“As this application’s use in China appears low, it is plausible it was developed as a targeted surveillance tool,” read the document.
“It is also likely that, following social engineering carried out by the operators, targeted users are encouraged to download this application, purportedly to circumvent Chinese authorities’ censorship.”
“Regardless of LuckyMouse’s goals, it is of particular interest to observe the targeting of MacOS environment,” the advisory concluded. “SEKOIA assesses this [threat actor] will continue updating and improving their capabilities in the short-term.”
The attacks come roughly a year after Luckymouse was mentioned in the ESET list of advanced persistent threat (APT) groups exploiting Microsoft Exchange vulnerabilities.