This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- IoT Security: Your Next Breach Could Start with Your Thermostat
August 4, 2025
Universities are filling up with network-connected devices. Smart locks manage building access. HVAC systems run on automated controls. Cameras stream to command centers. Vending machines, printers, thermostats, research tools, and classroom displays all connect to the network. The Internet of Things (IoT) is everywhere. These devices are often invisible to most of campus life, quietly making ...
- Arkham Says $3.5B LuBian Bitcoin Theft Went Undetected for Nearly Five Years
August 2, 2025
A crypto wallet tied to a little-known Chinese mining pool may have been the victim of the largest bitcoin theft ever recorded, according to new findings from Arkham Intelligence. n an Aug. 2 thread on X, the onchain analytics firm said it had uncovered evidence that 127,426 BTC — worth $3.5 billion at the time — ...
- Luxembourg: Cybercriminals stole thousands from BIL customers using phishing scam
August 2, 2025
After cybercriminals stole thousands from BIL customers using a fake website, the banking association maintains that digital banking tools remain safe, but users must stay vigilant. In the wake of a sophisticated phishing scheme that led to major financial losses for dozens of BIL customers, The Luxembourg Banker’s Association (ABBL) is defending the security of the ...
- Ransomware attacks cripple government services across Dutch Caribbean islands
August 2, 2025
Several major government institutions across the Caribbean part of the Kingdom of the Netherlands were hit by cyberattacks last week, including a ransomware attack on Curaçao’s Tax and Customs Administration that temporarily disabled critical services, NOS reports. According to Curaçao’s Minister of Finance, ransomware was used in the attack on the tax authority. After the breach ...
- Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
August 1, 2025
In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet ...
- Ransomware gangs are now expanding to physical threats in the real world
August 1, 2025
Ransomware gangs seem to be getting desperate when it comes to getting results, as besides encrypting and leaking data on the web, they’ve also started threatening CEOs with physical violence. Cybersecurity researchers Semperis claim over the past 12 months, in 40% of ransomware incidents, the CEOs of the affected company were also physically threatened – which ...