Summary: The Mustang Panda threat actor has adopted a new way to stay hidden while controlling infected systems: it abuses MAVInject.exe, a legitimate, signed Microsoft Application Virtualization (App-V) injector, to inject its malicious payload into another process, and it does so specifically when ESET antivirus is detected on the host. The intrusion begins with spear-phishing emails that deliver a dropper executable; the dropper writes both benign and malicious components to disk. Among them is a legitimate Electronic Arts (EA) application that is abused to load a modified TONESHELL backdoor, which then handles command execution and data exfiltration.
Affected: Organizations in Thailand (the targeted victims); the MAVInject.exe evasion path is triggered on hosts running ESET antivirus.
Keypoints:
- Mustang Panda's loader checks for ESET antivirus and, when it is present, uses the signed Microsoft App-V utility MAVInject.exe to inject its payload into another process rather than running it directly, so the malicious code executes under a trusted binary.
- The attack starts with a dropper executable that writes multiple files, including a decoy PDF that is shown to the victim while the malicious components run.
- The backdoor communicates with a remote command-and-control server, allowing the operators to keep issuing commands to compromised systems.
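The key detection opportunity in this technique is the command line itself. MAVInject.exe has a documented invocation, `MavInject.exe <PID> /INJECTRUNNING <DLL path>`, so any process-creation telemetry (Sysmon Event ID 1, EDR process events) can be scanned for it. The following is an added example written for this page, not code from the article or from the threat actor: it parses constructed, Sysmon-style process-creation records, extracts the target PID and DLL from `/INJECTRUNNING` invocations, and rates each hit. The field format, the sample events, the PID-to-image map, and the severity rules (DLL in a user-writable directory, parent other than the App-V client) are all assumptions made for the example.

```python
"""Flag suspicious MAVInject.exe (/INJECTRUNNING) usage in process-creation logs.

Added example for this page; not code from the article or the threat actor.
The documented MAVInject syntax is `MavInject.exe <PID> /INJECTRUNNING <DLL>`.
The log format, sample records and scoring rules below are assumptions.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Optional

# Constructed sample events (not real telemetry): flattened Sysmon Event ID 1
# style, key=value fields joined by '|'.
SAMPLE_EVENTS = [
    # Expected-looking use: App-V client injecting its own DLL from Program Files.
    'Image=C:\\Windows\\System32\\mavinject.exe'
    '|ParentImage=C:\\Program Files\\Microsoft Application Virtualization\\Client\\AppVClient.exe'
    '|CommandLine="C:\\Windows\\System32\\mavinject.exe" 4312 /INJECTRUNNING '
    '"C:\\Program Files\\Microsoft Application Virtualization\\Client\\Subsystems.dll"',
    # Suspicious: odd parent process, DLL injected from a user-writable path.
    'Image=C:\\Windows\\System32\\mavinject.exe'
    '|ParentImage=C:\\Users\\victim\\AppData\\Local\\Temp\\launcher.exe'
    '|CommandLine=mavinject.exe 7788 /INJECTRUNNING '
    'C:\\Users\\victim\\AppData\\Local\\Temp\\payload.dll',
    # Unrelated process creation; must not be flagged.
    'Image=C:\\Windows\\System32\\notepad.exe'
    '|ParentImage=C:\\Windows\\explorer.exe'
    '|CommandLine=notepad.exe report.txt',
]

# Constructed PID -> image snapshot, used only to name the injection target.
SAMPLE_PROCESSES: Dict[int, str] = {
    4312: "C:\\Program Files\\Vendor\\App.exe",
    7788: "C:\\Windows\\System32\\cmd.exe",
}

# <PID> /INJECTRUNNING <DLL>, DLL path optionally double-quoted.
INJECT_RE = re.compile(
    r'(?P<pid>\d+)\s+/INJECTRUNNING\s+(?:"(?P<q>[^"]+)"|(?P<u>\S+))',
    re.IGNORECASE,
)
# Assumed heuristics: where an attacker-controlled DLL would typically sit,
# and the only parent expected to drive MAVInject in normal App-V operation.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\", "\\public\\")
APPV_PARENTS = {"appvclient.exe"}


@dataclass
class Finding:
    pid: int
    dll: str
    parent: str
    target: str
    severity: str
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Split 'key=value|key=value' into a dict (first '=' separates key from value)."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def analyse_event(event: Dict[str, str], processes: Dict[int, str]) -> Optional[Finding]:
    """Return a Finding if the event is a MAVInject /INJECTRUNNING invocation."""
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image not in ("mavinject.exe", "mavinject32.exe"):
        return None
    m = INJECT_RE.search(event.get("CommandLine", ""))
    if not m:
        return None  # other MAVInject modes are out of scope here
    pid = int(m.group("pid"))
    dll = m.group("q") or m.group("u")
    parent = PureWindowsPath(event.get("ParentImage", "")).name.lower()
    target = processes.get(pid, "<unknown>")
    if any(tok in dll.lower() for tok in USER_WRITABLE):
        severity, reason = "high", "DLL loaded from a user-writable directory"
    elif parent not in APPV_PARENTS:
        severity, reason = "medium", f"unexpected parent process {parent}"
    else:
        severity, reason = "low", "App-V client injecting from a protected path"
    return Finding(pid, dll, parent, target, severity, reason)


def scan(lines: Iterable[str], processes: Optional[Dict[int, str]] = None) -> List[Finding]:
    """Run analyse_event over every record and collect the findings in log order."""
    processes = processes or {}
    findings: List[Finding] = []
    for line in lines:
        finding = analyse_event(parse_event(line), processes)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, SAMPLE_PROCESSES):
        print(f"[{f.severity.upper()}] pid={f.pid} target={f.target} "
              f"dll={f.dll} parent={f.parent}: {f.reason}")
```

In a real deployment the PID map would come from the same telemetry (the target's own process-creation event) rather than a static dict, and the App-V client invocation should be baselined per environment; on hosts that do not use App-V at all, any `/INJECTRUNNING` invocation is worth an alert regardless of the DLL path.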
Source: https://thehackernews.com/2025/02/chinese-hackers-exploit-mavinjectexe-to.html