GitHub Repository Used by Kimsuky Threat Group
Overview
While analyzing the Kimsuky group’s malware, AhnLab SEcurity intelligence Center (ASEC) discovered a particular GitHub repository. Inspection revealed that it hosted a strain of the FlowerPower malware that has been distributed since 2020. The repository also contained user information that had been exfiltrated to GitHub, and the malware was confirmed to be the same type as one used in the past.[1] The repository was still accessible while it was being analyzed (July 5th).

Figure 1. The main screen of the GitHub repository
[1] https://asec.ahnlab.com/en/50621/
daa2395113772adb0fab0cf0b2028ed2
106[.]14[.]166[.]53