This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- The State of Ransomware 2024
April 30, 2024
The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact, and recovery time. Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year’s report combines year-on-year insights with brand new areas of study. ...
- India Recorded 79 Million Cyber Attacks In 2023, Ranks 3rd Globally
April 30, 2024
India ranked as the third-largest country globally for phishing attacks after the US and UK, with its technology sector facing nearly 33 per cent of all such strikes, marking it as the most targeted industry, according to a report. The report by cybersecurity firm Zscaler showed a 60 per cent rise in global phishing attacks over ...
- Hull City Council suffers nine cyber attacks in three years
April 30, 2024
Hull City Council has paid £30,000 in data breach claims and suffered nine cyber attacks in the past three years, a report has found. The local authority confirmed it’s had nine cyber security incidents since 2021, five of which were phishing attacks (scams where attackers deceive people into revealing sensitive information). An investigation by DataBreachClaims.org.uk revealed ...
- Android Remote Access Trojan Equipped to Harvest Credentials
April 29, 2024
The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. The researchers encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to harvest credentials. This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on ...
- Dutch cybersecurity experts warning companies about global ransomware attack
April 28, 2024
Dutch cybersecurity companies have issued warnings to thousands of companies about a global ransomware attack. The attackers, known as the Cactus Gang, are from Eastern Europe and have been active since the end of last year. The cybercriminals managed to penetrate the security systems of 122 companies, and at least 10 of those are in the ...
- Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files
April 26, 2024
Today’s browsers are almost operating systems unto themselves. They can run software programs and encrypt files. These capabilities, combined with the browser’s access to the host computer’s files – including ones in the cloud, shared folders and external drives – via the File System Access API creates a new opportunity for ransomware. Imagine you want to ...