xRAT (QuasarRAT) Malware Being Distributed Through Webhard (Adult Games)

AhnLab SEcurity intelligence Center (ASEC) recently discovered that the xRAT (QuasarRAT) malware is being distributed through a webhard disguised as an adult game. In Korea, webhard services are one of the most commonly used platforms for distributing malware. Typically, threat actors use malware that is easily accessible, such as

GitHub Repository Used by Kimsuky Threat Group

Overview: While analyzing the Kimsuky group’s malware, AhnLab SEcurity intelligence Center (ASEC) discovered a certain GitHub repository. An inspection revealed that a strain of the FlowerPower malware that has been distributed since 2020 was uploaded. It also contained user information exfiltrated to GitHub and was confirmed to be the

Kimsuky Group Uses AutoIt to Create Malware (RftRAT, Amadey)

Contents:
1. Overview
2. Initial Access
   2.1. Spear Phishing Attack
   2.2. LNK Malware
3. Remote Control Malware
   3.1. XRat (Loader)
   3.2. Amadey
   3.3. Latest Attack Cases
        3.3.1. AutoIt Amadey
        3.3.2. RftRAT
4. Post-infection
   4.1. Keylogger
   4.2. Infostealer
   4.3. Other Types
5. Conclusion

1. Overview: The Kimsuky threat group, deemed to be supported by North Korea, has been active since

Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed

On January 26th, 2022, the ASEC analysis team discovered that the Kimsuky group was using the xRAT (Quasar RAT-based open-source RAT) malware. (xRAT GitHub address: https://github.com/tidusjar/xRAT) According to the logs collected by AhnLab’s ASD (AhnLab Smart Defense) infrastructure, the attacker installed a variant of Gold Dragon on the first