trend micro hong kong

Link to malicious site claiming to be a schedule. This places a definite timestamp on the start of this campaign’s activity. Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links. The full exploit chain involves a silently patched Safari bug (which works on multiple recent iOS versions) and a customized kernel exploit. Figure 5. Users that click on these links with at-risk devices will download a new iOS malware variant, which we have called lightSpy (detected as IOS_LightSpy.A). It contains different modules for exfiltrating data from the infected device, which includes: Information about the user’s network environment is also exfiltrated from the target device: Messenger applications are also specifically targeted for data exfiltration. It targets a variety of iPhone models, from the iPhone 6S up to the iPhone X, as seen in the code snippet below: Figure 6. By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez, Lilang Wu, and Ecular Xu. List of leaked APIs from web framework. The malware variant is a modular backdoor that allows the threat actor to remotely execute shell command and manipulate files on the affected device. Aside from the above technique, we also saw a second type of watering hole website. We named the campaign Operation Poisoned News based on its distribution methods. dmsSpy’s download and command-and-control servers used the same domain name (hkrevolution[.
We have already issued a reminder to these users to update their devices to the latest version of iOS as soon as possible. Forum post with the link to malicious site. However, we provided more technical details in the technical brief. However, we do not know where these links were distributed. On February 19, we identified a watering hole attack targeting iOS users. When the kernel exploit is triggered, payload.dylib proceeds to download multiple modules, as seen in the code below: Some of these modules are associated with startup and loading. The vulnerabilities documented in the report, which affected the Safari web browser in iOS 12.1 and 12.2, were fixed in subsequent updates to iOS. Apple iOS smartphone users in Hong Kong are being targeted in a new campaign exploiting online news readers to serve malware.
dylib – acquires and uploads basic information such as iPhone hardware information, contacts, text messages, and call history, ShellCommandaaa – executes shell commands on the affected device; any results are serialized and uploaded to a specified server, KeyChain – steals and uploads information contained in the Apple KeyChain, Screenaaa – scans for and pings devices on the same network subnet as the affected device; the ping’s results are uploaded to the attackers, SoftInfoaaa – acquires the list of apps and processes on the device, FileManage – performs file system operations on the device. Tencent takes data security extremely seriously and will continue to strive to ensure that our products and services are built on robust, secure platforms designed to keep user data safe. The post would include the headline of a given news story, any accompanying images, and the (fake) link to the news site. Code checking for target devices.
This includes seemingly safe information such as the device model used, but includes more sensitive information such as contacts, text messages, the user’s location, and the names of stored files. Further technical details, including indicators of compromise (IoCs), are contained in the related technical brief. Poisoned News posted its links in the general discussion sections of the said forums. A recently discovered watering hole attack has been targeting iOS users in Hong Kong. We were able to obtain more information about dmsSpy because the threat actors behind it erroneously left the debug mode of their web framework activated. The campaign uses links posted on multiple forums that supposedly lead to various news stories. The Android portion of the campaign is being distributed through Instagram posts and Telegram channels, with lures encouraging victims to download an app dedicated to the Hong Kong Democracy and Freedom Movement, according to Kaspersky research. Trend Micro’s Mobile App Reputation Service (MARS) covers Android and iOS threats using leading sandbox and machine learning technologies to protect users against malware, zero-day and known exploits, privacy leaks, and application vulnerability. browser – acquires the browser history from both Chrome and Safari. Our sample was advertised as a calendar app containing protest schedules in Hong Kong. Diagram of lightSpy’s infection chain. These forums also provide their users with an app, so that their readers can easily visit it on their mobile devices. Figure 9. The screenshot below shows the code of these three iframes: Figure 1.
These attacks continued into March 20, with forum posts that supposedly linked to a schedule for protests in Hong Kong. We do not believe that these topics were targeted at any users specifically; instead they targeted the users of the sites as a whole. One invisible iframe was used for website analytics; the other led to a site hosting the main script of the iOS exploits. It does, however, contain the hardcoded location of the C&C server. Figure 7. A very tiny percentage of our WeChat and QQ users were still running the older versions of iOS that contained the vulnerability. The design and functionality of operation suggests that the campaign isn’t meant to target victims, but aims to compromise as many mobile devices as possible for device backdooring and surveillance. Once the device is compromised, the attacker installs an undocumented and sophisticated spyware for maintaining control over the device and exfiltrate information. The suite also protects devices from attacks that exploit vulnerabilities, prevents unauthorized access to apps and detects and blocks malware and fraudulent websites. This week, Trend Micro researchers said the scheme, dubbed Operation Poisoned News, uses links posted on a variety of forums popular with Hong Kong residents that claim to lead to news stories. The URLs used led to a malicious website created by the attacker, which in turn contained three iframes that pointed to different sites.
Author: Trend Micro. The topics used as lures were either sex-related, clickbait-type headlines, or news related to the COVID-19 disease. As a result, we believe that this particular Android threat is operated by the same group of threat actors, and is connected to, Poisoned News. This allowed us a peek of the APIs used by the server. Figure 2. In these cases, a legitimate site was copied and injected with a malicious iframe. This would allow an attacker to spy on a user’s device, as well as take full control of it. One more note: The file payload.dylib is signed with the legitimate Apple developer certificate, and was only done so on November 29, 2019. Apple has also been notified of this research through Trend Micro’s Zero Day Initiative (ZDI). We believe that these attacks are related. As noted earlier in this blog post, there is an Android counterpart to lightSpy which we have called dmsSpy. ios_wechat – acquires information related to WeChat, including: account information, contacts, groups, messages, and files. Overview of Malicious Behavior of lightSpy. This blog post provides a high-level overview of the capabilities of both lightSpy and dmsSpy, as well as their distribution methods. Posted on: March 24, 2020 at 5:01 am. The Android exploit, which TrendMicro dubs “dmsSpy,” transmits sensitive information on texting, calling, and geolocation back … For Android users, the samples we obtained were distributed via links in Telegram channels, outside of the Google Play store.
It contains many features that we frequently see in malicious apps, such as requests for sensitive permissions, and the transmission of sensitive information to a C&C server. ios_telegram – similar to the previous two modules, but for Telegram. Indicators of compromise and full technical details of this attack may be found in the accompanying technical brief. The link would instead lead to the same infection chain as in the earlier cases. It suggests further capabilities we did not see in our sample, including screenshots and the ability to install APK files onto the device. Links to malicious .APK files were found on various public Hong Kong-related Telegram channels. Once the Safari browser renders the exploit, it targets a bug (which Apple silently patched in newer iOS versions), leading to the exploitation of a known kernel vulnerability to gain root privileges.
Updates that would have resolved this problem have been available for more than a year, meaning that a user who had kept their device on the latest update would have been safe from the vulnerability that this threat exploits. Distribution: Poisoned News and Watering Holes. This section of the blog post provides a short overview of lightSpy and its associated payloads (space constraints limit the details we can provide). This daemon, in turn, executes irc_loader, but (as the name implies) it is just a loader for the main malware module, light. Posted in:Malware, Mobile. dmsSpy also registers a receiver for reading newly received SMS messages, as well as dialing USSD codes. We also reached out to Telegram on our findings and have not received a response at the time of publication. Our telemetry indicates that the distribution of links to this type of watering hole in Hong Kong started on January 2. The figure below shows the infection chain and the various modules it uses. The malicious code contains exploits that target vulnerabilities present in iOS 12.1 and 12.2. While these links lead users to the actual news sites, they also use a hidden iframe to load and execute malicious code. Tencent had this to say: This report by Trend Micro is a great reminder of why it’s important to keep the operating system on computers and mobile devices up to date. Several chat apps popular in the Hong Kong market were particularly targeted here, suggesting that these were the threat actor’s goals. HTML code of malicious website, with three iframes.
The exploit used in this attack affects iOS 12.1 and 12.2. For example, launchctl is a tool used to load or unload daemons/agents, and it does this using ircbin.plist as an argument. The silently patched Safari bug does not have an associated CVE, although other researchers mentioned a history of failed patches related to this particular issue. Several steps could have been taken by users to mitigate against this threat. Among the apps specifically targeted are: Our research also uncovered a similar campaign aimed at Android devices in 2019. Links to these malicious sites were posted on four different forums, all known to be popular with Hong Kong residents. These messages claimed they were for various legitimate apps, but they led to malicious apps that could exfiltrate device information, contacts, and SMS messages.
We chose to give this new threat the name lightSpy, from the name of the module manager, which is light. WifiList – acquires the saved Wi-Fi information (saved networks, history, etc.). (They did use differing subdomains, however). Copied news page with iframe with malicious exploit. These variants were distributed in public Telegram channels disguised as various apps in 2019. The only visible iframe leads to a legitimate news site, which makes people believe they are visiting the said site. We called this Android malware family dmsSpy (variants of dmsSpy are detected as AndroidOS_dmsSpy.A.). List of news topics posted by the campaign, Figure 3. We strongly recommend that users avoid installing apps from outside trusted app stores, as apps distributed in this manner are frequently laden with malicious code.
End users can also benefit from their multilayered security capabilities that secure the device owner’s data and privacy, and features that protect them from ransomware, fraudulent websites, and identity theft. We reached out to the various vendors mentioned in this blog post. The kernel bug is connected to CVE-2019-8605. Users can also install security solutions, such as the Trend Micro™ Mobile Security for iOS and Trend Micro™ Mobile Security for Android™ (also available on Google Play) solutions, that can block malicious apps. While the links were already invalid during our research, we were able to obtain a sample of one of the variants. The articles were posted by newly registered accounts on the forums in question, which leads us to believe that these posts were not made by users resharing links that they thought were legitimate. For organizations, the Trend Micro™ Mobile Security for Enterprise suite provides device, compliance and application management, data protection, and configuration provisioning. For iOS users, the most important would be to keep their iOS version updated. Figure 4. We also note that a decoded configuration file that the launchctl module uses includes a URL that points to a /androidmm/light location, which suggests that an Android version of this threat exists as well. ]club) as one of the watering holes used by the iOS component of Poisoned News. The light module serves as the main control for the malware, and is capable of loading and updating the other modules.
The spyware used a modular design with multiple capabilities, including the following: Many of this spyware’s modules were designed explicitly for data exfiltration; for example, modules that steal information from Telegram and Wechat are both included. The remaining modules are designed to extract and exfiltrate different types of data, as seen in the following list: Taken together, this threat allows the threat actor to thoroughly compromise an affected device and acquire much of what a user would consider confidential information.