Wednesday, May 7, 2025
HomeCyber AttackChinese Hackers Using Shared Framework To Create Multi-Platform Malware

Chinese Hackers Using Shared Framework To Create Multi-Platform Malware

Published on

SIEM as a Service

Follow Us on Google News

Shared frameworks are often prone to hackers’ abuses as they have been built into various applications, which offer a range of systems that can be exploited at the same time.

By attacking shared framework vulnerabilities, hackers can get into many apps and information stores, which escalates their malicious acts in terms of efficiency and scale.

Cybersecurity researchers at Symantec recently discovered that Chinese hackers have been actively abusing the Shared Framework to create Windows, Linux, macOS, and Android malware.

- Advertisement - Google News

Chinese Hackers Using Multi-Platform Malware

The malware toolkit of the Daggerfly espionage group has been refreshed by adding new versions of already known threats and a previously unattributed macOS backdoor.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

The latest attacks against the targets in Taiwan and a US NGO in China are examples of how the group’s tactics have evolved, including the exploitation of an Apache HTTP Server vulnerability.

This development shows that Daggerfly continues to evolve and remains involved in international and domestic spying operations, extending its decade-long history in the cyber field.

Macma is a macOS backdoor that was first documented in 2021. It has been active since 2019 and is continuously developing.

Watering hole attacks in Hong Kong were the initial distribution channels through which it exploited loopholes to install itself into macOS devices.

According to a recent Symantec analysis of different Macma variations, its functions change meaningfully with time, consequently comprising newly updated modules, improved file paths, heightened logging, and other features such as better screen-capture capabilities.

These ongoing developments depict a relentless threat by the Macma backdoor, which has a proven ability of targeting macOS systems.

New evidence links the Macma macOS backdoor to the Daggerfly threat group. Symantec discovered shared command-and-control infrastructure between Macma variants and a MgBot dropper. 

While Macma and other known Daggerfly malware share code from a common library, which provides functionality across multiple platforms. 

This shared codebase and infrastructure strongly suggest that Macma is part of the Daggerfly toolkit, marking a significant development in attributing this previously unaffiliated backdoor to a specific advanced persistent threat group.

Daggerfly’s toolkit now includes a sophisticated Windows backdoor called Suzafk (aka Nightdoor or NetMM). 

This multi-staged malware uses TCP or OneDrive for command and control, employs anti-analysis techniques, and shares code with other Daggerfly tools. 

Suzafk’s capabilities include remote command execution, persistence via scheduled tasks, and encrypted configuration storage. 

This addition, along with evidence of malware targeting various operating systems, including Android and Solaris, demonstrates Daggerfly’s advanced capabilities and adaptability in conducting espionage activities across multiple platforms.

IoCs

IoCs (Source – Symantec)

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

Lampion Banking Malware Uses ClickFix Lures to Steal Banking Credentials

Unit 42 researchers at Palo Alto Networks, a highly targeted malicious campaign orchestrated by...

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...