This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer.
Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant of this family in 2019. One of the new variants uses a Portable Executable (PE) file and the other uses a PowerShell implementation. The PE and PowerShell variants are both initiated by clicking a Windows shortcut (LNK) file that downloads a dropper file from an attacker-controlled content delivery network (CDN) account.
Read more…
Source: Palo Alto Unit 42
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- IoT: a malware story
October 15, 2019
Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot install any kind of security software. How do we deal with ...
- Sudo Bug Opens Root Access on Linux Systems
October 15, 2019
A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user even if that root access has been specifically disallowed. Sudo is a utility that allows a system administrator to give certain users (or groups of users) the ability to run commands in the context of ...
- A glimpse into the present state of security in robotics
October 14, 2019
The world of today continues its progress toward higher digitalization and mobility. From developments in the Internet of Things (IoT) through augmented reality to Industry 4.0, whichrely on stronger automation and use of robots, all of these bring more efficiency to production processes and improves user experience across the globe. According to some estimates, these systems ...
- EU Report Highlights Cybersecurity Risks in 5G Networks
October 14, 2019
The extent with which 5G networks use software is one of the top security issues for mobile networks as well as devices and current technologies (for example, 3G, 4G) that use or incorporate it, according to an EU report supported by the European Commission and European Union Agency for Cybersecurity. 5G networks are unique compared to ...
- Fin7 Cybergang Retools With New Malicious Code
October 11, 2019
The Fin7 cybercrime group has ramped up its offensive capabilities by adding new malicious code to its malware arsenal. Researchers said that this is evidence that Fin7 is still a growing threat despite the arrest of several Fin7 members in 2018. The notorious group has adopted a new dropper sample called Boostwrite, which uses new detection evasion ...
- macOS users targeted with new Tarmac malware
October 11, 2019
Security researchers have discovered a new piece of Mac malware; however, some of its purpose and full features will remain a mystery for a little longer. Named Tarmac (OSX/Tarmac), this new malware was distributed to macOS users via online malvertising (malicious ads) campaigns. These malicious ads ran rogue code inside a Mac user’s browser to redirect the ...