Monday, July 9, 2012

MacControl cyber espionage RAT linked to Chinese source code

The recently discovered Mac Control cyber espionage tool used within an espionage campaign against Tibetan related NGOs and described by AlienVault probably draws on code available on the Chinese web. Searching for strings within the tool reveals the following function names(the below image linked from the Microsoft analysis).



A Google search of the Internet for the strings "ParseCMD" "NM_CMD_S" results in only 5 hits. 
These five results are all Chinese programming forums. The number 1 hit is for a posting to the programming forum www.pudn.com/. The hit is for strings within the source code package shykVC.rar(size 1072 K) uploaded 2009-03-02 by 许凤(Xu Feng) and downloaded 425 times.

blog post by dmackey

No comments:

Post a Comment