Tropic Trooper Uses Trojanized SumatraPDF to Access Hosts
Zscaler ThreatLabz attributes a new campaign to Tropic Trooper that uses a trojanized SumatraPDF installer to deliver the AdaptixC2 Beacon post-exploitation agent. Victims (primarily Chinese-speaking individuals in Taiwan, with some targets in South Korea and Japan) are lured via military-themed ZIP archives that show a decoy PDF while fetching encrypted shellcode. The backdoored reader launches a Xiangoop-derived loader called TOSHIS, which stages payloads; escalation to installing Visual Studio Code and configuring VS Code tunnels for persistent remote access occurs only on high-value hosts.