Tropic Trooper Uses Trojan for Cyber Attacks
A new cyber attack campaign targeting Chinese-speaking users utilizes a trojanized version of the SumatraPDF reader to install the AdaptixC2 Beacon post-exploitation agent. This campaign was discovered by Zscaler ThreatLabz and is designed to exploit Microsoft Visual Studio Code (VS Code) tunnels for remote access. The discovery of the campaign occurred last month, with Zscaler expressing high confidence in attributing it to the threat group Tropic Trooper. This group is known for its targeted attacks on specific language communities, particularly in the Asian region. The use of SumatraPDF as a distribution method is noteworthy, as it is widely used software that is frequently downloaded by users in various regions.
The trojanization of this software allows attackers to spread malware without raising suspicion among users. After the trojan is installed, the AdaptixC2 Beacon agent is activated, enabling attackers to take control of the affected system. This control is achieved by exploiting VS Code tunnels, which developers commonly use for remote connections. The attacks are particularly dangerous because they not only jeopardize users' systems but can also siphon sensitive data. The threat posed by Tropic Trooper is not new; however, the current campaign represents a significant evolution in the group's methods.
Security researchers at Zscaler have already recommended measures to minimize risks. These include verifying software downloads and using security solutions that can protect against such threats. The exact number of affected users is currently unknown, but it is estimated that the spread of the trojan could have occurred in several thousand cases. The security situation remains tense as attackers continue to develop new methods to achieve their goals. The discovery of this campaign underscores the need for businesses and individuals to review and strengthen their cybersecurity practices.
The threat from Tropic Trooper highlights the importance of remaining vigilant and informed about current threats. The vulnerability exploited by these attacks could lead to further attacks in the future if appropriate measures are not taken. Zscaler has already announced plans to release more information to keep the public updated on developments in this matter. The discovery of the campaign was published by Zscaler on March 27, 2026, and security researchers are working to analyze the impact of the attacks and develop appropriate countermeasures. The threat from Tropic Trooper is an example of the ever-evolving landscape of cybercrime that affects both businesses and individuals alike.