This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Mystic Stealer Revisited
October 25, 2023
Mystic Stealer is a relatively new downloader and information stealer that emerged in early 2023. The malware harvests data from a large number of web browsers and cryptocurrency wallet applications. Mystic can also be used to steal Steam game credentials and arbitrary files from an infected system. Mystic stands out for the level of obfuscation ...
- 2023 Zscaler ThreatLabz Report Indicates 400% Growth in IoT Malware Attacks
October 24, 2023
This Zscaler ThreatLabz blog serves as a brief synopsis of the key points revealed in their 2023 Enterprise IoT and OT Threat Report. The report explores the growth of Internet of Things (IoT) device traffic and IoT malware attacks, in addition to how legacy vulnerabilities, targeted devices, and specific industries have become central players in the ...
- 5 southwestern Ontario hospitals hit by cyberattack, patient appointments to be rescheduled
October 24, 2023
Online services such as patient records and email have been down since Monday morning at five southwestern Ontario hospitals following a cyberattack, according to the hospitals’ IT provider. TransForm is a local non-profit founded by Windsor Regional Hospital, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, Bluewater Health and the Chatham-Kent Health Alliance to run IT, supply chain ...
- Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware
October 24, 2023
In Brazil the PIX payment system is becoming more and more popular. Unsurprisingly, cybercriminals are jumping on the bandwagon, trying to abuse the system for their profit. A good example of this is GoPIX, a malware campaign that has been active since December 2022. The attack cycle begins when a potential victim searches for “WhatsApp web”. ...
- The outstanding stealth of Operation Triangulation
October 23, 2023
In the previous blogpost on Triangulation, Kaspersky researchers discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. The researchers mentioned, among other things, that it is able to execute additional modules. They also mentioned that this operation was quite stealthy. This article details ...
- From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware
October 23, 2023
Proofpoint researchers have long tracked clusters of malicious activity using banking malware to target users and organizations in Brazil and surrounding countries. Recently, researchers observed multiple threat clusters targeting Spain from threat actors and malware that have traditionally targeted Portuguese and Spanish speakers in Brazil, Mexico, and other parts of the Americas. While the targeting ...