This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Australia: Russian man Aleksandr Ermakov has been sanctioned over the Medibank data breach
January 23, 2024
The Australian government has used Magnitsky-style sanctions for the first time to punish Russian man Aleksandr Ermakov over what it says is his role in the 2022 Medibank Private data breach. Foreign Minister Penny Wong, Home Affairs Minister Clare O’Neil and Deputy Prime Minister Richard Marles made the announcement on Tuesday morning. But what exactly are ...
- New macOS backdoor stealing cryptowallets
January 22, 2024
A month ago, Kaspersky researchers discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. The researchers recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking ...
- Lebanon: Ministry of Social Affairs’ website suffers cybersecurity breach
January 22, 2024
The Ministry of Social Affairs’ website has been subjected to a cyber-attack. Authorities are actively working to resolve the issue and ensure the restoration of normalcy to the site. Reportedly, the website does not contain any personal information. Read more… Source: Lebanese Broadcasting Corporation International
- LoanDepot outage drags into second week after ransomware attack
January 19, 2024
LoanDepot customers say they have been unable to make mortgage payments or access their online accounts following a suspected ransomware attack on the company last week. The mortgage and loan giant said on January 8 that it was working to “restore normal business operations as quickly as possible” following a security incident that involved the “encryption ...
- VF Corp’s cyber incident causes data breach of 35.5 million consumers
January 19, 2024
Vans sneaker maker VF Corp said on Thursday the cyber incident that hit the company in December led to a breach of personal data of about 35.5 million consumers, and added that it does not expect a material impact to its financials. The unauthorized activity, detected on Dec. 13, disrupted global customer orders on its e-commerce ...
- Carnegie Mellon University hit by cyberattack, informs 7,300 people possibly affected
January 19, 2024
Carnegie Mellon University informed about 7,300 people that their personal information may have been compromised in an August cyberattack that was quietly investigated by law enforcement and the university. The breach impacting one of the nation’s top schools for computing was acknowledged by the university as higher education in general faces a growing assault by digital ...