This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Ransomware Attackers Target Kansas Water Treatment Facility
September 24, 2024
On Sunday, a cyber attack on a water utility in Arkansas City, Kansas prompted its treatment facility to revert to manual operations. The city manager, Randy Frazer, confirmed that the water supply remains unaffected and safe, with no disruption to service reported. The plant’s manual operation is a precautionary measure to enhance security while the situation ...
- Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
September 23, 2024
Since 2022, Mandiant has tracked and reported on IT workers operating on behalf of the Democratic People’s Republic of Korea (DPRK). These workers pose as non-North Korean nationals to gain employment with organizations across a wide range of industries in order to generate revenue for the North Korean regime, particularly to evade sanctions and fund ...
- 100 million+ US citizens have records leaked by background check service
September 23, 2024
A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, ...
- China accuses Taiwan-backed group of cyberattacks
September 23, 2024
The Ministry of State Security said a Taiwan military-backed hacking group has been carrying out cyberattacks against targets in China, urging people to report “anti-propaganda sabotage”. The ministry said since the beginning of this year, Anonymous 64 had sought to upload and broadcast “content that denigrates the mainland’s political system and major policies” on websites, outdoor ...
- How the Necro Trojan infiltrated Google Play, again
September 23, 2024
In late August 2024, Kaspersky researchers attention was drawn to a Spotify mod called Spotify Plus, version 18.9.40.5. At the time of writing this, the mod could be downloaded from spotiplusxyz and several related sites that linked to it. The original website claimed that the mod was certified, safe, and contained numerous additional features not found ...
- Philippines: Department of Foreign Affairs concerned over data breach at passport printing unit
September 21, 2024
The Department of Foreign Affairs (DFA) of the Philippines has announced that they’re really concerned over the data breach at APO Production Unit – a government-owned and controlled corporation (GOCC) in charge of printing passports. During a Senate finance subcommittee hearing on the agency’s proposed budget for 2025, DFA Office of Consular Affairs Assistant Secretary Adelio ...