
Tmanger

Posted: November 26, 2020

The Chinese hackers tracked under the alias TA428 or Vicious Panda are a highly experienced Advanced Persistent Threat (APT) group known for engaging in attacks against major targets in the Asia region. The group is known for using both public Remote Access Trojans (RATs) like Poison Ivy and privately developed ones such as the unique Cotx RAT. In their most recent campaign, the TA428 hackers introduced a new project, which appears to go under the name Tmanger. Cybersecurity experts suspect that the project's name is meant to be 'Tamanager,' but it was misspelled by the criminals.

Active copies of Tmanger were found on systems targeted by the TA428 hackers in Vietnam and Mongolia. The RAT appears to still be under active development, as cybersecurity experts recovered different versions of the threatening malware. The Tmanger RAT's functionality is typical for malware of this sort, and it enables its operators to perform the following tasks:

  • Launch specific files.
  • Receive information about a directory and its contents.
  • Send files between the client and command and control server.
  • Retrieve file information.
  • Delete files.
  • Grab a screenshot.
  • Log keystrokes.
  • Write files to the compromised system.

Tmanger also performs one automated task as soon as it infects a new device: it gathers information about the system's hardware, software, user information, and domain information. The collected data is then sent to the remote control server.

The Vicious Panda RAT arsenal continues to grow with the introduction of the Tmanger RAT, which seems to share some similarities with the previously analyzed Cotx RAT. Even though custom-built malware of this sort is considered to be more secure than publicly available RATs, you can rest assured that it can still be stopped successfully by using a reputable anti-malware product.
