This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- University of Western Australia suffers major data breach, staff and students locked out
August 11, 2025
One of Australia’s major universities has suffered a data breach, with the password information of thousands of staff and students exposed. The University of WA (UWA) confirmed it was investigating a cybersecurity incident on Saturday night, which involved unauthorised access of password information. Read more… Source: MSN Ness Sign up for the Cyber Security Review Newsletter The latest cyber security ...
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere
August 10, 2025
A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles. Eaton Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the ...
- Massive leak of over 115 million US payment cards caused by Chinese “smishing” hackers
August 10, 2025
A wave of advanced phishing campaigns, traced to Chinese-speaking cybercriminal syndicates, may have compromised up to 115 million US payment cards in just over a year, experts have warned. Researchers at SecAlliance revealed these operations represent a growing convergence of social engineering, real-time authentication bypasses, and phishing infrastructure designed to scale. Investigators have identified a figure ...
- Bouygues Telecom data breach could affect millions of customers
August 8, 2025
French telco giatn Bouygues Telecom has confirmed suffering a cyberattack in which it lost sensitive customer data. In a short announcement published on its website, the company said it detected the attack on August 4, and following an investigation, determined threat actors stole people’s contact details, contract data, civil status data (or company details), and IBAN ...
- Google says UNC6040 hackers stole some of its data following Salesforce breach
August 7, 2025
Cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole business customer information from one of its corporate Salesforce instances, the company has confirmed. In a blog post breaking down ShinyHunters’ modus operandi, the company somewhat played down the importance of the incident, noting the miscreants didn’t really grab anything sensitive, or of particular value. Read ...
- An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life
August 6, 2025
Whether it’s in the water we drink, the medicines we take, or the electricity we use to read blog posts on the internet, Industrial Control Systems (ICS) are part of our daily lives. There’s so much that relies on these systems, you’d like to assume they’re engineered and tested to guard against cyberattacks. You’d be wrong. ...