Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Published: 3 hours ago (April 24, 2026 at 05:29 AM EDT)

1 min read

Source: The Hacker News

Overview

Chinese‑speaking individuals are the target of a new campaign that uses a trojanized version of the SumatraPDF reader to deploy the AdaptixC2 Beacon post‑exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.

Campaign Details

Malicious Tool: A modified SumatraPDF reader that contains the AdaptixC2 payload.
Payload: AdaptixC2 Beacon, a post‑exploitation agent designed to establish persistent control.
Abuse Vector: The beacon leverages VS Code tunnels to provide remote access to compromised systems.

Attribution

Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to Tropic Trooper (aka …).

Back to Blog

Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine

The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security...

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

Summary A high‑severity security flaw in LMDeploy, an open‑source toolkit for compressing, deploying, and serving large language models LLMs, has been actively...

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Sa...

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official checkmarx/kicshttps://hub.docker.com/r/checkmarx/kics Docker Hub repository. In...