Kimsuky Group Uses ADS to Conceal Malware Posted By Vanish , March 29, 2023 AhnLab Security Emergency response Center (ASEC) has discovered that the Kimsuky group is using Alternate Data Stream (ADS) to hide their malware. This malware is an Infostealer that collects data by starting the VBScript included inside an HTML file. It can be characterized by its tendency to add the actual code between numerous dummy codes. Figure 1. Part of the initially executed script The following commands are executed in the terminal to collect and transmit data. hostname systeminfo net user…
