Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Earth Minotaur Unveils New Malware Arsenal

December 5, 2024
Reading Time: 2 mins read
in Alerts
Earth Minotaur Unveils New Malware Arsenal

Trend Micro researchers have revealed a sophisticated cyber campaign by the threat actor Earth Minotaur, leveraging the MOONSHINE exploit kit and DarkNimbus backdoor to target vulnerabilities in Android messaging apps. These attacks, primarily aimed at Tibetan and Uyghur communities, exploit Chromium-based browsers embedded in instant messaging applications. By deploying MOONSHINE, Earth Minotaur delivers the cross-platform DarkNimbus backdoor to both Android and Windows devices, enabling surveillance and unauthorized access.

MOONSHINE, first identified in 2019, has evolved into a more advanced exploit kit with enhanced capabilities. Its upgraded version now includes features to deter analysis, such as link validation through timestamps and salted hashes, and the ability to redirect victims to legitimate sites after exploitation. These measures ensure the attacks remain undetected by victims and security researchers. To date, Trend Micro has identified over 55 active MOONSHINE servers, highlighting the scale and persistence of this threat.

Earth Minotaur employs social engineering to lure victims into clicking malicious links embedded in seemingly legitimate content. These links, often disguised as government announcements or cultural videos, lead victims to MOONSHINE exploit kit servers. The servers exploit vulnerabilities in Chromium-based browsers, particularly when applications fail to update or lack sandboxing protections. Once compromised, victims’ devices are infected with the DarkNimbus backdoor, granting attackers remote control and access to sensitive information.

This discovery underscores the critical importance of regular software updates and enabling advanced security features like sandboxing in applications. The cross-platform nature of DarkNimbus further amplifies the potential impact of these attacks. As Earth Minotaur continues to refine its tactics, the cybersecurity community must remain vigilant, with increased awareness and proactive measures essential to countering threats posed by the MOONSHINE exploit kit and similar advanced tools.

Reference:

  • Earth Minotaur Uses MOONSHINE and DarkNimbus for Multi-Platform Attacks
Tags: AndroidCyber AlertsCyber Alerts 2024Cyber threatsDarkNimbusDecember 2024Earth MinotaurMOONSHINETibetTrend MicroUyghurVulnerabilitiesWindows
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial