February 18, 2025 By Bill Toulas
The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software.
This technique was discovered by threat researchers at Trend Micro, who track the threat group as Earth Preta and report that they have verified over 200 victims since 2022.
Mustang Panda's targeting scope, based on Trend Micro's visibility, includes government entities in the Asia-Pacific region, while the primary attack method is spear-phishing emails that appear to come from government agencies, NGOs, think tanks, or law enforcement.
The threat group was previously seen in attacks targeting governments worldwide using Google Drive for malware distribution, custom evasive backdoors, and a worm-based attack chain.
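As an added defender-side illustration (not part of the original article or Trend Micro's research), the following Python triages constructed process-creation records for the pattern the article describes: the App-V injector launched by something other than the App-V client, or pointed at a DLL in a user-writable location. The binary name (MAVInject32.exe), its `/INJECTRUNNING` argument, and AppVClient.exe as the expected parent are assumptions for the example, not values taken from the page.

```python
import ntpath
import re

# Constructed sample process-creation records (Sysmon Event ID 1 style fields).
# They are illustrative only, not telemetry from the campaign in the article.
SAMPLE_EVENTS = [
    {"pid": 101, "image": r"C:\Windows\SysWOW64\MAVInject32.exe",
     "cmdline": r"MAVInject32.exe 4412 /INJECTRUNNING C:\Users\alice\AppData\Local\Temp\upd.dll",
     "parent": r"C:\Users\alice\AppData\Local\Temp\installer.exe"},
    {"pid": 102, "image": r"C:\Windows\System32\MAVInject32.exe",
     "cmdline": r"MAVInject32.exe 2200 /INJECTRUNNING C:\Program Files\Vendor\hook.dll",
     "parent": r"C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe"},
    {"pid": 103, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\notes.txt", "parent": r"C:\Windows\explorer.exe"},
]

# Assumption: the only parent expected to launch the injector is the App-V client.
TRUSTED_PARENTS = {"appvclient.exe"}
# Directories an unprivileged user can write to; a DLL injected from here is a red flag.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|temp|programdata|downloads)\\", re.I)
# Assumption: the injector takes "<pid> /INJECTRUNNING <dll path>" on its command line.
INJECT_RE = re.compile(r"/INJECTRUNNING\s+(.+)$", re.I)

def analyze_event(ev):
    """Return the list of reasons this event looks suspicious (empty if benign)."""
    if ntpath.basename(ev["image"]).lower() not in {"mavinject32.exe", "mavinject.exe"}:
        return []
    reasons = []
    if ntpath.basename(ev["parent"]).lower() not in TRUSTED_PARENTS:
        reasons.append(f"untrusted parent {ev['parent']}")
    m = INJECT_RE.search(ev["cmdline"])
    if m and USER_WRITABLE.search(m.group(1)):
        reasons.append(f"DLL loaded from user-writable path {m.group(1).strip()}")
    return reasons

def hunt(events):
    """Return (pid, reasons) for every event that triggers at least one reason."""
    findings = []
    for ev in events:
        reasons = analyze_event(ev)
        if reasons:
            findings.append((ev["pid"], reasons))
    return findings

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

Running it over the constructed records flags only pid 101, with both an untrusted parent and a DLL under the user's Temp directory; the App-V client launch (pid 102) is left alone.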