Newsinterpretation

SparrowDoor 2.0: Chinese Hackers Deploy Powerful Malware in Global Attacks

A group of Chinese hackers called FamousSparrow is in the news again for launching new cyberattacks. This time, they targeted a trade group in the United States. But they didn’t stop there. Security experts at ESET, a global cybersecurity company, found that the group also attacked a research institute in Mexico and a government office in Honduras.

Chinese Hackers Strike Again with More Advanced Malware

The hackers broke into these systems by exploiting unpatched vulnerabilities in outdated Microsoft Exchange and Windows Server installations. Once inside, they installed webshells, small server-side scripts that gave them remote control over the infected systems without being noticed.

ESET’s research shows that FamousSparrow is more active than experts first thought. The group was publicly exposed in 2022, but it kept running its espionage operations, refined its methods, and built even more dangerous malware.

What Is SparrowDoor and Why Is It Dangerous?

The new attacks use a powerful backdoor program called SparrowDoor. This harmful software gives hackers full access to infected computers. It lets them steal data, watch activity, and even control the system.

The hackers have created two new versions of SparrowDoor. The updated malware is much more dangerous than before: its code has been improved, making it more stable and efficient, and harder for security software to find and remove.

Another big improvement is parallel command execution. This lets the malware do many tasks at once. It can keep listening for new commands while doing slow tasks, like copying files or running remote commands.


The backdoor also uses stealth and persistence techniques. With improved encryption and smarter methods of staying hidden, it becomes more difficult for antivirus programs to detect and eliminate it.

One of the most concerning changes is its modular design. The hackers can add new features to the malware while it is still running by sending extra “plugins” to infected systems in real time, extending the malware’s spying and disruptive capabilities on demand.

These plugins give the malware more power. It can access the computer’s shell and take screenshots of the victim’s screen. It can record keystrokes to steal passwords or other sensitive data. The malware can also steal, delete, or change files. It can create secret network proxies to hide the hackers’ location. It can send stolen data to remote servers and even stop or list running processes.

With these expanded abilities, FamousSparrow can operate silently and efficiently, making it extremely difficult for security systems to detect and block their activities.

The ShadowPad Connection: More Dangerous Tools in Play

One of the most alarming findings in ESET’s report is that FamousSparrow is now using a dangerous tool called ShadowPad. This is a highly advanced Remote Access Trojan (RAT), which acts like a digital Swiss Army knife for hackers. ShadowPad can perform multiple cyberespionage functions, including stealing sensitive data, spreading across networks, and providing remote access to infected systems.

To deploy ShadowPad, the hackers used a technique called DLL side-loading. The malicious library was disguised as a renamed Microsoft Office IME file and loaded into the Windows Media Player process (wmplayer.exe), so the malware ran under a trusted program without drawing attention. Once running, it connected to a hidden command-and-control (C2) server, giving the hackers direct access to the infected system.
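As an added defensive illustration (not from ESET’s report or this article) of how the DLL side-loading described above can be spotted: the script below walks a constructed module list for wmplayer.exe and flags DLLs that carry a system DLL’s name but load from a non-system path, or that load from outside the program’s own directory. The module list, the System32 inventory and all paths are assumed sample data.

```python
"""Flag DLLs a process loaded from suspicious locations.

Added defensive example; the module list and System32 inventory
below are constructed sample data, not real telemetry.
"""
from pathlib import PureWindowsPath

SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# Constructed: DLL names that legitimately live in System32.
SYSTEM32_INVENTORY = {"kernel32.dll", "user32.dll", "version.dll", "wmp.dll"}

# Constructed: modules as a loaded-module listing (e.g. Sysmon event 7)
# might report them for a single wmplayer.exe process. Entry 0 is the image.
WMPLAYER_MODULES = [
    r"C:\Program Files\Windows Media Player\wmplayer.exe",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\user32.dll",
    r"C:\Users\Public\Libraries\wmp\version.dll",  # system DLL name, odd path
    r"C:\Users\Public\Libraries\wmp\wmpdata.dll",  # unknown helper, odd path
]


def find_sideload_candidates(modules, inventory=SYSTEM32_INVENTORY):
    """Return (path, reason) pairs for modules that look side-loaded."""
    findings = []
    image_dir = PureWindowsPath(modules[0]).parent
    for path in modules[1:]:
        p = PureWindowsPath(path)
        if p.suffix.lower() != ".dll":
            continue
        if str(p.parent).lower() in SYSTEM_DIRS:
            continue  # loaded from the system directory: expected
        if p.name.lower() in inventory:
            findings.append((path, "system DLL name loaded from non-system path"))
        elif p.parent != image_dir:
            findings.append((path, "DLL loaded from outside the image directory"))
    return findings


if __name__ == "__main__":
    for path, reason in find_sideload_candidates(WMPLAYER_MODULES):
        print(f"{reason}: {path}")
```

On a live host the same logic applies to any loaded-module listing, with the inventory taken from the real System32 directory.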


Interestingly, ShadowPad is linked to multiple Chinese state-sponsored hacking groups. This suggests that FamousSparrow may now have access to top-tier cyber tools used by other powerful Chinese hacking groups.

Microsoft groups FamousSparrow together with other Chinese hacking groups, including GhostEmperor and Earth Estries, under the name Salt Typhoon. ESET tracks them as separate groups but acknowledges that they use similar tools and methods, which suggests they may share resources or work with the same underground supplier.


Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.
