Chinese security engineers from Alibaba and Baidu have discovered backdoored Unity3D SDKs (versions 4.6.4 to 5.1.1) in the wild. The infected SDKs exhibit the same behaviors as the infamous XcodeGhost trojan. Four types of malicious attacks have been uncovered and demonstrated with PoCs:
* Targeted phishing by prompting an alert box.
* Downloading apps with enterprise certificates.
* Opening a phishing web site in the browser.
* Launching App Store to promote specific apps.
(The last two attacks exploit the same vector.)
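Since a backdoored SDK of this kind reaches developers through tampered downloads rather than through the vendor's build, the practical check is to verify every SDK archive against the vendor's published checksums before installing it. The following script is an added example, not code from the article or from Unity; it assumes the vendor publishes a manifest in `sha256sum` format (`<hex digest>  <filename>`), and the file names, contents and manifest used in `demo()` are constructed for illustration.

```python
"""Verify downloaded SDK archives against a vendor-published SHA-256 manifest.

Added example (not from the article). Assumes a manifest in `sha256sum` format,
one "<hex digest>  <filename>" entry per line. The archives and manifest built in
demo() are constructed sample data, not real Unity release artifacts.
"""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, List


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'digest  filename' lines into {filename: digest}, ignoring comments."""
    expected: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts
        # sha256sum marks binary-mode entries with a leading '*'; strip it.
        expected[name.lstrip("*")] = digest.lower()
    return expected


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large SDK archives do not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_downloads(directory: str, manifest_text: str) -> Dict[str, List[str]]:
    """Check every manifest entry under `directory`.

    Returns {"ok": [...], "mismatch": [...], "missing": [...]}; anything in
    "mismatch" must not be installed, since its bytes differ from what the
    vendor published.
    """
    expected = parse_manifest(manifest_text)
    result: Dict[str, List[str]] = {"ok": [], "mismatch": [], "missing": []}
    for name, digest in sorted(expected.items()):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            result["missing"].append(name)
        elif hmac.compare_digest(sha256_file(path), digest):
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    return result


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: one intact archive, one tampered archive, one absent."""
    d = tempfile.mkdtemp()
    good = b"constructed-sdk-archive-bytes"
    with open(os.path.join(d, "UnitySDK-good.pkg"), "wb") as f:
        f.write(good)
    with open(os.path.join(d, "UnitySDK-tampered.pkg"), "wb") as f:
        f.write(good + b"\x00extra-bytes")  # simulates a modified download
    manifest = "\n".join([
        "# constructed manifest for the demo",
        f"{hashlib.sha256(good).hexdigest()}  UnitySDK-good.pkg",
        f"{hashlib.sha256(good).hexdigest()}  UnitySDK-tampered.pkg",
        f"{'0' * 64}  UnitySDK-missing.pkg",
    ])
    return verify_downloads(d, manifest)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:8s} {names}")
```

Run it against a real download directory by replacing the constructed manifest with the checksum file obtained from the vendor's own site over HTTPS; a mirror that serves both the archive and the checksum list gives no protection, since a tampered mirror can rewrite both.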