Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China

Abstract: 

The MgBot malware has been found to be delivered to an NGO in Mainland China by an advanced persistent threat (APT) group known as Evasive Panda. This group has been attributed to multiple cyber espionage attacks targeting various groups in China, Hong Kong, and other parts of East and South Asia since at least December 2012. The malware is capable of downloading additional components to perform tasks such as stealing files, logging keystrokes, and stealing credentials from web browsers. Victims appear to be part of an unnamed NGO in the provinces of Gansu, Guangdong, and Jiangsu. The malware is also delivered through the legitimate software updater of the Tencent QQ Windows client, which points to either a supply chain attack or an adversary-in-the-middle attack. The same malware has also been observed targeting telecom service providers in Africa.

Author: 

Ravie Lakshmanan

Year: 

2023

Domain: 

Dimension: 

Region: 

Data Type: 

Keywords: