This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Toyota confirms customer and employee data stolen, says breach at third party to blame
August 21, 2024
Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. Toyota told BleepingComputer that a breach at a third party had led to the ...
- Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
August 20, 2024
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary skills to ...
- BVI Electricity Corporation suffers cyber attack
August 20, 2024
The BVI Electricity Corporation (BVIEC) announced on Monday, August 19, that it had fallen victim to a cyberattack. The power company stated that the attack has impacted both their internal and external operations. While the full details of the cyberattack have not been disclosed, BVIEC has assured the public that they are working closely with experts ...
- Ransomware attacks surge over 60% in UK and US
August 20, 2024
Malwarebytes’ 2024 State of Ransomware report published today (20 August) shows a surge in malicious activity on US and UK businesses. The “ThreatDown 2024 State of Ransomware” report reveals an alarming increase in ransomware attacks over the past year. In the US there has been a 63% increase in ransomware attacks on organisations and businesses, with ...
- Amsterdam municipality bans Telegram on work phones over security concerns
August 19, 2024
The municipality of Amsterdam has banned its civil servants from using the messaging app Telegram on their work phones due to concerns over criminal activity and potential espionage, local media reported on Monday. The ban, which was implemented at the end of April but only recently made public, is attributed to fears that Telegram could be ...
- Hacked GPS tracker reveals location data of customers
August 19, 2024
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. The investigation into Tracki, besides uncovering a tangled web of companies, dubious websites, and false identities, also led to a ...