Date: 2021-05-28

Chinese cyberespionage campaign uses new backdoor. Necro bot gains new abilities. Google ads abused to deliver malware.

Chinese cyberespionage campaign uses new backdoor.

Check Point is tracking a Chinese cyberespionage campaign targeting a Southeast Asian government with a newly observed Windows backdoor. The campaign has been running for more than three years, and uses spearphishing documents created with the RoyalRoad RTF builder. The researchers note, “Searching for files similar to the final backdoor in the wild, we encountered a set of files that were submitted to VirusTotal in 2018. The files were named by the author as MClient and appear to be part of a project internally called SharpM, according to their PDB paths. Compilation timestamps also show a similar timeframe between July 2017 and June 2018, and upon examination of the files, they were found to be older test versions of our VictoryDll backdoor and its loaders chain.”