This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Norway spy chief blames Russian hackers for hijacking dam
August 14, 2025
Russian hackers briefly hijacked a dam in Norway in early April and spilled millions of gallons of water before the attack was stopped, Norway’s spy chief revealed Thursday. The hackers opened a floodgate at the Bremanger dam in western Norway to release the equivalent of about three Olympic-sized swimming pools of water during the four hours ...
- Cyber attack on Nigeria Customs Service disrupts clearance operations
August 14, 2025
A cyber attack on the Information Communication Technology (ICT) platform of the Nigeria Customs Service (NCS) has caused significant disruptions to cargo clearance operations at ports across the country. Licensed Customs agents are already counting their losses to demurrage charges on their consignments as a result of the disruption. Confirming the development, NCS spokesman and Assistant ...
- New trends in phishing and scams: How AI and social media are changing the game
August 13, 2025
Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim. Since our last publication on phishing tactics, there ...
- FBI: Fictitious Law Firms Targeting Cryptocurrency Scam Victims Combine Multiple Exploitation Tactics While Offering to Recover Funds
August 13, 2025
This updated advisory provides additional red flag indicators and due diligence measures to help victims who have been in contact with fictitious law firms conducting this fraudulent activity. This scheme combines a number of exploitation tactics including targeting vulnerable populations, particularly the elderly; exploiting victims’ emotional state and financial need to recover funds from a previous ...
- Pandora cyber attack highlights growing threat to ecommerce
August 13, 2025
The global jeweller, Pandora has recently fallen victim to a cyber attack — becoming the latest high-profile cyber incident. Last week, Pandora confirmed that it had been hit by a cyber attack, with customer data being breached as a result. However, the company claimed that no confidential information, such as passwords and credit card details, was ...
- Fortinet Releases Security Advisory for Authentication Bypass Vulnerability
August 12, 2025
An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy & FortiPAM may allow an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager’s serial number. Read more… Source: Fortinet Sign up for the Cyber ...