State-sponsored North Korean hackers are once again targeting victims with a new strain of malware that can potentially hijack both mobile and PC devices.
According to a new report from cybersecurity researchers at AhnLab, a group known as APT37 (also tracked as RedEyes or Erebus, a known North Korean group believed to be closely affiliated with the government) was seen distributing malware dubbed "M2RAT" to spy on target endpoints and extract sensitive data from them.
The campaign, which kicked off in January 2023, started with a phishing email carrying a malicious attachment. The attachment exploits an old EPS vulnerability, tracked as CVE-2017-8291, in Hangul, a word processor widely used in South Korea.
Using steganography
Exploitation of this flaw triggers the download of a malicious executable hidden inside a JPEG image.
Using steganography (a technique for concealing malware inside pictures and other otherwise benign file types), the attackers extract the M2RAT payload from the image and inject it into the explorer.exe process.
The M2RAT itself, the researchers say, is relatively basic. It logs keystrokes, steals files, runs various commands, and takes screenshots periodically. However, one feature caught their attention: the ability to scan for portable devices, such as smartphones, connected to the compromised Windows endpoint. If it detects such a device, it scans it and copies any documents and voice recordings to the Windows machine. It then compresses them into a password-protected .RAR archive and sends the archive to the attackers.
Finally, it deletes the local copy to remove any evidence of the theft.
The malware was also observed using a shared memory section for command and control (C2) communication as well as for data theft. That way, it does not need to write the stolen data to disk on the compromised system, leaving fewer traces behind.
APT37 is quite an active threat actor. It was last seen in December last year, when researchers observed it abusing a flaw in Internet Explorer to target individuals in South Korea.
Via: BleepingComputer