Hacker groups suspected of being from China may be behind the spread of a new version of the MgBot malware in India. According to The Windows Club, security researchers at Malwarebytes have uncovered several malware campaigns that have tried to target India and Hong Kong in recent weeks. Specifically, earlier this month, they found an archive, disguised as coming from the Indian government, that used malicious documents to download Cobalt Strike.
Attackers use Cobalt Strike to spread malware to victims’ computers. A day later, the researchers found the same threat actor trying to infect Windows computers using the Microsoft Application Management service (AppMgmt). A few days later, the researchers discovered a similar tactic used by the same hacker group. This time, however, the target was not India but Hong Kong.
Malwarebytes believes that this new campaign is run by a Chinese APT hacking group that has been active since 2014.
Last month, the Indian Ministry of Information Technology banned 59 applications from China, including TikTok, UC Browser and WeChat, citing national security concerns. The decision comes amid rising anti-Chinese sentiment among Indians across the country following the deadly border clash.