![Apple Officially Announces Return of 'Ted Lasso' for Fourth Season [Video]](https://www.iclarified.com/images/news/96710/96710/96710-640.jpg)
![Apple Plans Live Translation Feature for AirPods in iOS 19 [Report]](https://www.iclarified.com/images/news/96712/96712/96712-640.jpg)
![Apple Shares Official Trailer for 'F1' Starring Brad Pitt [Video]](https://www.iclarified.com/images/news/96714/96714/96714-640.jpg)
![[Update: Fix] Chromecast (2nd gen) and Audio can’t Cast in ‘Untrusted’ outage](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2019/08/chromecast_audio_1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
_Tanapong_Sungkaew_Alamy.jpg?#)
_JIRAROJ_PRADITCHAROENKUL_Alamy.jpg?#)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses
A sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection, and exfiltrating sensitive data. The attackers exploit search engine manipulation to push […] The post Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses appeared first on Cyber Security News.
A sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail.
These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection, and exfiltrating sensitive data.
The attackers exploit search engine manipulation to push fraudulent websites that mimic legitimate software sources, luring unsuspecting users into downloading compromised executables.
The malicious files are typically delivered in ZIP archives containing Windows executables. Upon execution, the malware follows a consistent pattern: extracting temporary files, injecting processes, modifying security settings, and establishing network communications.
Researchers at Hunt.io noted that the fake Signal download page at z1.xiaowu[.]pw delivers a file named Sriguoei4.zip. Similarly, the spoofed Gmail page at ggyxx.wenxinzhineng[.]top tricks users into downloading Goongeurut.zip, which installs a fake application called “Gmail Notifier Pro.”
.webp)
Execution and System Modification
Once executed, the malware employs advanced techniques to manipulate system defenses.
One notable example involves the use of PowerShell commands to disable Windows Defender by excluding the entire C: drive from scanning.
The command used is as follows:
powershell -Command "Add-MpPreference -ExclusionPath 'C:\'"This effectively renders the system vulnerable to further exploitation. The malware also drops a secondary executable, such as svrnezcm.exe, into deeply nested directories within the AppData folder:
C:\Users\user\AppData\Roaming\41d8a4f\a27e8d998\445c22590\e5b2cb4562\svrnezcm.exeThis executable spawns additional processes and communicates with command-and-control (C2) servers hosted on Alibaba infrastructure in Hong Kong.
For example, DNS queries to zhzcm.star1ine[.]com and outbound TCP connections to 8.210.9[.]4 on port 45 suggest data exfiltration or remote control activities.
.webp)
The campaign relies on centralized infrastructure hosted at IP address 47.243.192[.]62, which resolves to multiple malicious domains.
The attackers also utilize Let’s Encrypt TLS certificates to secure their spoofed websites, adding a layer of credibility to their operations.
.webp)
This campaign shows the importance of verifying software sources and avoiding unofficial download sites.
Users should remain vigilant against suspicious domains and rely on trusted platforms for software installations to mitigate such threats effectively.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Weaponized Signal, Line, and Gmail Apps Delivers Malware That Changes System Defenses appeared first on Cyber Security News.
