
The Cyber Security News

Latest Cyber Security News


Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans

October 26, 2022

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart.

That is according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy.

“The FastFire malware is disguised as a Google security plugin, and the FastViewer malware disguises itself as ‘Hancom Office Viewer,’ [while] FastSpy is a remote access tool based on AndroSpy,” researchers Lee Sebin and Shin Yeongjae said.


Kimsuky, also known by the names Black Banshee, Thallium, and Velvet Chollima, is believed to be tasked by the North Korean regime with a global intelligence-gathering mission, disproportionately targeting individuals and organizations in South Korea, Japan, and the U.S.

This past August, Kaspersky unearthed a previously undocumented infection chain dubbed GoldDragon to deploy a Windows backdoor capable of stealing information from the victim such as file lists, user keystrokes, and stored web browser login credentials.


The advanced persistent threat is also known to use an Android version of the AppleSeed implant to execute arbitrary actions and exfiltrate data from the infected devices.

FastFire, FastViewer, and FastSpy are the latest additions to its evolving Android malware arsenal, which are designed to receive commands from Firebase and download additional payloads.

“FastViewer is a repackaged APK by adding arbitrary malicious code inserted by an attacker to the normal Hancom Office Viewer app,” the researchers said, adding that the malware also downloads FastSpy as a next stage.

The rogue apps in question are listed below:

  • com.viewer.fastsecure (Google 보안 Plugin)
  • com.tf.thinkdroid.secviewer (FastViewer)

Both FastViewer and FastSpy abuse Android’s accessibility API permissions to carry out their spying behaviors, with the latter automating user clicks to grant itself extensive permissions in a manner analogous to MaliBot.
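A defender-side check for the indicators above, as an added example that is not part of the original article or S2W's report: it takes the saved output of `adb shell pm list packages` and `adb shell settings get secure enabled_accessibility_services`, flags the two reported package names, and lists enabled accessibility services for review. The sample device output, the service class names and the allowlist are constructed for illustration.

```python
# Added example: device triage against the two package names reported in the article.
REPORTED = {  # package name -> label given in the article
    "com.viewer.fastsecure": "Google 보안 Plugin",
    "com.tf.thinkdroid.secviewer": "FastViewer",
}

def parse_packages(pm_output):
    """Package names from `pm list packages` (also accepts the -f path=name form)."""
    names = set()
    for line in pm_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.add(line[len("package:"):].rsplit("=", 1)[-1])
    return names

def parse_a11y(setting_value):
    """(package, service) pairs from the enabled_accessibility_services value."""
    value = setting_value.strip()
    if value in ("", "null"):          # setting unset or empty
        return []
    pairs = []
    for comp in value.split(":"):      # colon-separated "package/service" entries
        pkg, _, svc = comp.partition("/")
        if pkg:
            pairs.append((pkg, svc))
    return pairs

def triage(pm_output, a11y_value, trusted_a11y=frozenset()):
    installed = parse_packages(pm_output)
    hits = {p: REPORTED[p] for p in sorted(installed & set(REPORTED))}
    services = parse_a11y(a11y_value)
    return {
        "reported_packages": hits,
        # A reported package that also holds an accessibility service matches
        # the behaviour the article describes for FastViewer and FastSpy.
        "reported_with_a11y": sorted({p for p, _ in services if p in hits}),
        # Any other enabled service outside the allowlist needs a human look.
        "a11y_to_review": sorted({p for p, _ in services
                                  if p not in hits and p not in trusted_a11y}),
    }

# Constructed sample input (not captured from a real device).
SAMPLE_PM = """package:com.android.chrome
package:/data/app/x/base.apk=com.tf.thinkdroid.secviewer
package:com.example.notes
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.tf.thinkdroid.secviewer/.ConstructedService:"
               "com.example.notes/.Helper")
TRUSTED = frozenset({"com.google.android.marvin.talkback"})  # assumed allowlist
```

A clean result on the package-name check does not clear a device, since a repackaged app can ship under a different name; the accessibility-service review is the part that still applies in that case.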


FastSpy, once launched, enables the adversary to seize control of the targeted devices, intercept phone calls and SMSes, track users’ locations, harvest documents, capture keystrokes, and record information from the phone’s camera, microphone, and speaker.


S2W’s attribution of the malware to Kimsuky is based on overlaps with a server domain named “mc.pzs[.]kr,” which was previously used in a May 2022 campaign identified as orchestrated by the group to distribute malware disguised as North Korea-related press releases.

“Kimsuky group has continuously performed attacks to steal the target’s information targeting mobile devices,” the researchers said. “In addition, various attempts are being made to bypass detection by customizing Androspy, an open source RAT.”

“Since Kimsuky group’s mobile targeting strategy is getting more advanced, it is necessary to be careful about sophisticated attacks targeting Android devices.”



Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.