Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Summary

A new campaign by the Chinese-speaking threat actor Tropic Trooper targets Chinese speakers with a trojanized SumatraPDF reader. This malware deploys the AdaptixC2 Beacon post-exploitation agent and abuses Microsoft VS Code tunnels for remote access.

IFF Assessment

FOE

This campaign introduces new attack vectors and post-exploitation tools that expand the capabilities of a known threat actor, posing a greater risk to defenders.

Defender Context

Defenders should be aware of sophisticated phishing and trojanization campaigns that leverage legitimate software like SumatraPDF and developer tools like VS Code. Monitoring for unusual network activity related to VS Code tunnels and ensuring robust endpoint security to detect novel post-exploitation agents are crucial mitigation strategies.
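One concrete way to act on the "monitor for VS Code tunnel activity" advice is to look for the dev tunnel service's domains in proxy or DNS logs and flag any host or process that reaches them without being an approved developer workstation. The script below is an added example, not code from the original article or from any vendor: the domain suffixes are taken from Microsoft's public dev tunnels documentation (an assumption, not something this page states), the log line format and the sample log lines are constructed for the example, and the allow-lists of expected hosts and processes are placeholders a team would replace with its own inventory.

```python
"""Flag VS Code / dev tunnel network activity in proxy-style log lines.

Added example, not from the original article. The domain suffixes come from
Microsoft's public dev tunnels documentation (assumption); the log format and
sample lines below are constructed for this example.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Suffixes used by Microsoft's dev tunnels service (assumption from public docs).
TUNNEL_DOMAIN_SUFFIXES = (
    ".devtunnels.ms",
    ".tunnels.api.visualstudio.com",
)

# Process names expected to talk to the tunnel service on a developer box
# (assumption: VS Code itself or its standalone tunnel CLI).
DEFAULT_EXPECTED_PROCESSES = frozenset({"code.exe", "code-tunnel.exe", "code"})

# Constructed log format: <timestamp> <host> <user> <dest_domain> <dest_port> <process>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<dest>\S+)\s+(?P<port>\d+)\s+(?P<proc>.+)$"
)


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    dest: str
    proc: str
    reason: str


def is_tunnel_domain(dest: str) -> bool:
    """True if dest is the tunnel service apex or one of its subdomains.

    Suffix matching on the dotted form prevents look-alikes such as
    'devtunnels.ms.evil.example' from matching.
    """
    d = dest.lower().rstrip(".")
    return any(d.endswith(s) or d == s.lstrip(".") for s in TUNNEL_DOMAIN_SUFFIXES)


def scan_proxy_logs(
    lines: Iterable[str],
    expected_tunnel_hosts: FrozenSet[str] = frozenset(),
    expected_processes: FrozenSet[str] = DEFAULT_EXPECTED_PROCESSES,
) -> List[Finding]:
    """Return one Finding per log line that reaches a dev tunnel domain from an
    unapproved host. Lines that do not parse are skipped rather than failing
    the whole scan."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or not is_tunnel_domain(m["dest"]):
            continue
        host = m["host"]
        if host in expected_tunnel_hosts:
            continue  # tunnels are approved on this developer workstation
        proc = m["proc"].strip()
        if proc.lower() in expected_processes:
            reason = "dev-tunnel domain from VS Code process on unapproved host"
        else:
            # A non-developer process (e.g. a PDF reader) talking to the tunnel
            # service is the pattern worth escalating.
            reason = "dev-tunnel domain from unexpected process"
        findings.append(Finding(host, m["user"], m["dest"], proc, reason))
    return findings


# Constructed sample log lines for the example (not real telemetry).
SAMPLE_LOGS = [
    "2024-01-01T09:00:01Z WS-101 alice update.microsoft.com 443 svchost.exe",
    "2024-01-01T09:02:13Z WS-102 bob global.rel.tunnels.api.visualstudio.com 443 SumatraPDF.exe",
    "2024-01-01T09:02:14Z WS-102 bob abc123.euw.devtunnels.ms 443 SumatraPDF.exe",
    "2024-01-01T09:05:00Z DEV-07 carol global.rel.tunnels.api.visualstudio.com 443 Code.exe",
    "2024-01-01T09:06:00Z WS-103 dave www.example.com 443 chrome.exe",
    "malformed line",
]

if __name__ == "__main__":
    for f in scan_proxy_logs(SAMPLE_LOGS, expected_tunnel_hosts=frozenset({"DEV-07"})):
        print(f"{f.host} {f.user} {f.proc} -> {f.dest}: {f.reason}")
```

Run stand-alone, the script reports the two WS-102 lines where a PDF reader process contacts the tunnel service and stays silent on the approved DEV-07 developer box; dropping DEV-07 from the allow-list surfaces its Code.exe connection as a lower-priority finding instead.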
