This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- From Ransomware to Pig Butchering, Visa Report Shows Top Scams Impacting Consumers and Businesses Globally
March 20, 2024
Today, Visa released the Spring 2024 Edition of its Biannual Threats Report, which outlines the top payment threats impacting consumers and businesses around the world. The report points to increasingly organized, sophisticated threat actors targeting the most vulnerable point in the payments’ ecosystem: humans. Read more… Source: Yahoo News
- Fluffy Wolf sends out reconciliation reports to sneak into corporate infrastructures
March 19, 2024
The group has adopted a simple yet effective approach to gain initial access: phishing emails with an executable attachment. This way, Fluffy Wolf establishes remote access, steals credentials, or exploits the compromised infrastructure for mining The BI.ZONE Threat Intelligence team has detected a previously unknown cluster, dubbed Fluffy Wolf, whose activity can be traced back to ...
- ‘Glitch’ at Ethiopia’s biggest bank sees customers withdraw millions that isn’t theirs
March 19, 2024
Ethiopia’s largest bank is struggling to recoup millions of dollars after a glitch over the weekend allowed customers to withdraw unlimited funds, according to local media reports. More than $40 million was reportedly withdrawn from the state-owned Commercial Bank of Ethiopia or transferred to other banks, as customers discovered they could withdraw more than their total ...
- Social media influencers targeted by identity thieves
March 19, 2024
Social media influencers are attractive targets for identity thieves. With large followings and a literal influence on their followers, it’s no wonder they are targeted by scammers and spreaders of fake news. A subset of influencers are the so-called “finfluencers”: influencers that provide their followers with financial advice. Such a person influences the financial investment decisions of ...
- Threat landscape for industrial automation systems. H2 2023
March 19, 2024
In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. In H2 2023, building automation once again had the highest percentage of ICS computers on which malicious objects were blocked of all industries that we looked at. Oil and Gas was the only ...
- Ethereum’s Create2: A Double-Edged Sword In Blockchain Security
March 18, 2024
Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. The attack method involves tricking users into approving transactions for smart contracts that haven’t been deployed yet, allowing cybercriminals to later deploy malicious contracts and steal cryptocurrencies. This vulnerability highlights the ...