This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Palo Alto VPN bug graduates from advisory to active exploitation
June 1, 2026
Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access. The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations. Read more… Source: The Register Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers
June 1, 2026
Atlas Menu, a cheat service for popular online video game Grand Theft Auto V, has been hacked, according to data breach notification website Have I Been Pwned. The stolen data included users’ email addresses, usernames, scrambled passwords, IP addresses, and support tickets, according to Have I Been Pwned, which said almost 64,000 accounts were part of the ...
- CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
June 1, 2026
Rapid7 Senior Principal Security Researcher Stephen Fewer discovered CVE-2026-0826, a critical unauthenticated stack-based buffer overflow vulnerability affecting multiple HP Poly VoIP devices. If you’ve been around vulnerability research long enough, the bug class here is going to feel very familiar. And interestingly enough, that’s exactly why it deserves attention. These older exploitation primitives never really went ...
- Containers on fire: from container escapes to supply chain attacks
June 1, 2026
Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for efficient automation. However, as containers grow in popularity, so does the interest of malicious actors — a trend Kaspersky actively track in our research into advanced ...
- Physical attacks on major crypto holders is on the rise as ‘Whales’ are targeted for kidnapping News
May 30, 2026
Cryptocurrency executives and whales alike are increasingly being targeted by a mix of criminal elements worldwide, even as security continues to be beefed up to protect the not-so-anonymous owners of cryptocurrency. The transparency introduced to the crypto world is putting some coin-collectors at risk of physical harm, and even kidnapping. But many are also being outed by ...
- Dutch cops wrest 17M devices from mystery botnet’s clutches
May 29, 2026
Dutch police say they dismantled a large botnet this week comprising at least 17 million infected devices. After being tipped off by a researcher at the Netherlands’ National Cyber Security Centre (NCSC-NL), police began an investigation, which resulted in the discovery of 200 servers underpinning the botnet’s infrastructure located in the country. Cybercrime specialists at The Hague ...