Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists

Executive Summary

Over the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have code named “Scarlet Mimic.” The attacks began over four years ago and their targeting pattern suggests that this adversary’s primary mission is to gather information about minority rights activists. We do not have evidence directly linking these attacks to a government source, but the information derived from these activities supports an assessment that a group or groups with motivations similar to the stated position of the Chinese government in relation to these targets is involved. …Continue reading


The Threat Intelligence Research That Mattered to You This Year

blog-title-unit42-500x68

Unit 42 did some incredible work in 2015 discovering, analyzing and disclosing malware – some new and others making a reappearance. Take a look below at some of their top threat intelligence research from this past year:

XcodeGhost

Unit 42 analyzed XcodeGhost, which modifies Xcode and infects Apple iOS Apps, and its behavior. The team found that many popular iOS apps were infected, including WeChat, one of the most popular messaging applications in the world, and that the XcodeGhost attacker can phish passwords and open URLs through these infected apps. …Continue reading


iOS Trojan “TinyV” Attacks Jailbroken Devices

posted by: on December 15, 2015 4:45 PM

filed in: Malware, Mobility, Threat Prevention, Unit 42
tagged: , , , ,

In October 2015, we discovered a malicious payload file targeting Apple iOS devices. After investigating, we believe the payload belongs to a new iOS Trojan family that we’re calling “TinyV”. In December 2015, Chinese users reported they were infected by this malware. After further research, we found the malware has been repackaged into several pirated iOS apps that are available for download via multiple channels. In this blog, we will discuss how the TinyV Trojan spreads and how it works.

Repackaging and Spreading

TinyV was repackaged into some pirated iOS apps for jailbroken devices. Infected iOS apps include “Watermelon Player (西瓜播放器)”, “Youku (优酷)”, “iQiYi (爱奇艺)” and others. After repackaging, these apps were uploaded to websites for downloading. …Continue reading


Older posts →