Cybersecurity firm Trend Micro has uncovered a new malware named UNAPIMON which is linked to the advanced Chinese hacking group APT41, known as Winnti.

APT41 is a state-backed entity engaged in both cyberespionage and financially driven cyberattacks, affecting a wide range of sectors internationally.

UNAPIMON is crafted in C++ and delivered as a DLL, utilizing Microsoft Detours for evading detection by interfering with critical API functions in child processes.

The malware is used by Earth Freybug, an actor associated with APT41, to circumvent Windows API monitoring, thereby avoiding discovery by antivirus systems.

Earth Freybug's activities include cyber espionage, supply chain attacks, and theft of trade secrets and intellectual property, targeting the US, Asia, governments, and critical infrastructures.

APT41 has been operational since at least 2012 and has faced charges from the US government for its involvement in widespread cyberattacks.

The emergence of UNAPIMON highlights the need for organizations to bolster their defenses against sophisticated cyber threats posed by groups like APT41.