Summary: Trend Micro’s research reveals a new attack campaign by the APT group Earth Preta, which combines legitimate and malicious components to bypass security measures. The attack primarily targets users in Thailand, using a decoy PDF to deceive victims while a backdoor is deployed. Earth Preta leverages various techniques, including sideloading malware and employing installer builders, to maintain persistence and evade detection, focusing on government entities in the Asia-Pacific region.
Affected: Government entities in the Asia-Pacific region
Key points:
- Earth Preta employs a variant of the TONESHELL backdoor, sideloaded with a legitimate application.
- The group uses a decoy PDF to distract victims while executing malicious payloads in the background.
- Over 200 victims have been recorded; the campaign predominantly targets Thailand-based government organizations.