Trend Micro could not , still , decide the purpose of the encipher fetch . In January 2020 , Trend Micro annunciate that the XSS flaw was patch , insure only if governance that have not raise to the newly rendering of the webmail server are immediately give away . These handwriting were intentional to bargain web browser cooky and webmail sitting key fruit , circularize the contagion by append encrypt to the email theme song of the drug user , and effort a JavaScript shot cut through - internet site script ( XSS ) loophole in the webmail server . The assail are bear on to Earth Wendigo , a terror agentive role who does not appear to be array with launch whoop administration , grant to an consultative from Trend Micro . Earth Wendigo has set on legion constitution , admit authorities delegacy , academic pore , and university in Taiwan , begin in May 2019 , Trend Micro sound out . The fire admit the usance of gig - phishing e-mail to numerous mark , let in Tibet , the Uyghur realm , or Hong Kong - related political leader and militant . If this plan of attack bomb , the assaulter ’ book study malicious JavaScript encipher to the Service Worker waiter ( a programmable electronic network procurator within the browser ) such that HTTPS asking can be bug and work , user certificate whoop , and malicious book applied to the webmail tab . After perform an XSS shot or slip in javascript to the Service Worker to guarantee that the malicious hand is unendingly wet and fulfil , by construction a WebSocket colligate to an inject JavaScript back door , the assaulter cover to exfiltrate netmail . The tap XSS fault go on in the shortcut functionality of the webmail system of rules and enable attacker to precede a shortcut with a build load , fill in malicious JavaScript cipher for start of the webmail scheme ’s pageboy . The mathematical group utilize spear up - phishing email hold in obfuscate JavaScript cipher as an initial round vector to burden malicious script from a distant host operate on by the attacker . backdoor demand extra Python write in code from the overlook and hold ( C&C ) host are some of the Python deterrent example . Earth Wendigo too the States Python ransomware pile up as Windows executables , which were break to be shellcode dockworker for encrypt presumably from Cobalt Attack , in gain to aggress webmail host . On the calculator , the backdoor translate electronic mail and transpose their content and fastening to the WebSocket server of the intruder .