Kimsuky (aka Thallium, Black Banshee, Velvet Chollima) is a North Korean hacking group that is actively targeting Android device users with 3 new mobile malware that are recently discovered by the cybersecurity experts at S2W.
This group has been active since 2012 and has performed several cyberattacks on targets who are engaged in the following sectors around the globe:-
Data is primarily collected by this hacking group through the distribution of malware and spear-phishing attacks through which they gain access to the victims’ accounts.
It should be noted that the malware strains were named in the following manner by the South Korean cybersecurity company S2W:-
As far as Kimsuky is concerned, North Korea is expected to be conducting an intelligence-gathering mission under the curtain of Kimsuky around the globe.
The primary focus of this group is on the organizations and entities from the following countries:-
In the past, attackers have been able to execute arbitrary actions on infected devices through the Android version of the AppleSeed implant.
The three families of malware that have been discovered recently are the latest additions to Kimsuky’s arsenal. This set of malware is mainly designed to perform two key tasks:-
There is a predetermined order in which FastFire is executed, which begins with MainActivity. “com.viewer.fastsecure” is the package name of the malicious APK, which disguises itself as a Google Security Plugin.
There is no way to discover that it is installed once it is installed because it hides its launcher icon. Using the accessibility API permissions, FastViewer and FastSpy both perform spying activities on Android devices.
Upon launching FastSpy, it will give the attacker complete control over the devices that are being targeted to steal and hijack the following data and components:-
These three malware families were attributed to the Kimsuky hacking group, as this group has been found to be using the domain “mc.pzs[.]kr.” While it’s the domain name that has previously been used by the group in a prior campaign that was operated in May 2022.
It is imperative that users be careful about sophisticated attacks targeting Android devices due to Kimsuky Group’s mobile targeting strategy becoming more sophisticated and advanced.
A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…
SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…
The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious…
Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022…
CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building…
A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…