Chinese hackers boost arsenal with DodgeBox, MoonWalk malware upgrades

July 12, 2024


TLDR:

  • China-linked APT41 has upgraded its malware arsenal with DodgeBox, a new loader, and MoonWalk, a new backdoor.
  • DodgeBox uses evasion techniques such as DLL side-loading, and the MoonWalk backdoor uses Google Drive for command-and-control communication.

The China-linked advanced persistent threat (APT) group APT41 has been identified as using an advanced version of its StealthVector loader to deliver a new backdoor named MoonWalk. The new loader variant, called DodgeBox, was discovered by Zscaler ThreatLabz in April 2024. DodgeBox loads the MoonWalk backdoor, which uses Google Drive for command-and-control communication.

APT41 has been active since 2007 and has been linked to numerous intrusion campaigns against companies worldwide. The group is known for stealing source code, software code-signing certificates and customer data, and for criminal schemes such as ransomware and crypto-jacking.

DodgeBox relies on DLL side-loading to execute its malicious payload, MoonWalk, and the loader combines several evasion techniques to avoid detection; it is considered an improved version of StealthVector. The attribution of DodgeBox to APT41 rests on its similarities to StealthVector and on other known tactics of Chinese-nexus threat groups. Security researchers recommend staying informed about the latest developments in order to defend against evolving threats like DodgeBox and MoonWalk.
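The article names DLL side-loading as DodgeBox's execution technique without saying how a defender would spot it. The script below is an added illustration, not code from the article, from Zscaler ThreatLabz or from any DodgeBox sample: it runs a simple side-loading heuristic over image-load telemetry. The log format, the list of system directories and the set of commonly hijacked DLL names are all constructed assumptions for the example; a real deployment would take them from the endpoint sensor and from a golden-image inventory.

```python
"""Flag DLL side-loading candidates in image-load telemetry (added example).

Heuristic: a DLL whose name belongs to a Windows system library was mapped
from somewhere other than the system directories, and either sits next to
the executable that loaded it or is unsigned. Both the log format and the
reference lists below are constructed for this example.
"""
from dataclasses import dataclass
import ntpath

# Assumption: single-drive Windows install; extend for the fleet you monitor.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample of system DLL names that signed executables import by
# name and that therefore make attractive side-loading targets.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wininet.dll", "cryptbase.dll"}


@dataclass
class ImageLoad:
    process_image: str   # full path of the process that mapped the DLL
    loaded_image: str    # full path of the DLL that was mapped
    signed: bool         # whether the DLL carried a valid signature


def parse_event(line: str) -> ImageLoad:
    """Parse one constructed 'key=value | key=value' telemetry line."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return ImageLoad(
        process_image=fields["process"],
        loaded_image=fields["image"],
        signed=fields.get("signed", "false").lower() == "true",
    )


def _norm(path: str) -> str:
    # Case-insensitive comparison with a single separator style.
    return path.replace("/", "\\").lower()


def _under(path: str, root: str) -> bool:
    # True prefix match on path components, so "system32evil" does not count.
    return path == root or path.startswith(root + "\\")


def is_side_load_candidate(ev: ImageLoad) -> bool:
    dll = _norm(ev.loaded_image)
    exe = _norm(ev.process_image)
    if ntpath.basename(dll) not in SYSTEM_DLL_NAMES:
        return False                      # not a name the loader would resolve to a system library
    dll_dir = ntpath.dirname(dll)
    if any(_under(dll_dir, d) for d in SYSTEM_DIRS):
        return False                      # loaded from where it legitimately lives
    # Classic search-order shape: the system DLL name sits in the EXE's own
    # directory, or the copy that was mapped is unsigned.
    return dll_dir == ntpath.dirname(exe) or not ev.signed


def find_candidates(lines):
    """Return the loaded DLL paths that match the heuristic, in log order."""
    return [ev.loaded_image for ev in map(parse_event, lines) if is_side_load_candidate(ev)]


# Constructed sample telemetry, not real events.
SAMPLE_EVENTS = [
    r"process=C:\Program Files\Vendor\updater.exe | image=C:\Windows\System32\version.dll | signed=true",
    r"process=C:\Users\alice\AppData\Local\Temp\viewer.exe | image=C:\Users\alice\AppData\Local\Temp\version.dll | signed=false",
    r"process=C:\Program Files\Vendor\tool.exe | image=C:\Program Files\Vendor\vendorhelper.dll | signed=true",
    r"process=C:\Users\bob\Downloads\app.exe | image=C:\Users\bob\Downloads\dbghelp.dll | signed=true",
]

if __name__ == "__main__":
    for path in find_candidates(SAMPLE_EVENTS):
        print("side-loading candidate:", path)
```

The fourth sample event shows the main caveat: some vendors legitimately redistribute libraries such as dbghelp.dll beside their own executables, so the heuristic is a triage filter to be paired with signer and hash checks, not a standalone verdict.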
