June 8, 2021

Severity
High
Analysis Summary
The North Korean advanced persistent threat (APT) group Kimsuky has been found distributing a fake Korean Internet and Security Agency (KISA) app via malicious emails. A mobile malware researcher has shared information about a fake KISA "vaccine" (security) Android app disguised as the KISA security program. When the target downloads the APK file attached to the email and installs the application on their device, the malicious code does its job: it executes in the background without the target's knowledge and collects sensitive information from the device.
Impact
- Watering hole attacks
- Keyloggers
- Remote Access Connections
Indicators of Compromise
MD5
- e7caf25de7ce463a6f22ecb8689389ad
SHA-256
- fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b
SHA1
- 16b3487022b674040227afc8979ffedd2f70b67e
URL
- hxxp[:]//app[.]at-me[.]ml/index[.]php
- hxxp[:]//app[.]at-me[.]ml/index[.]php?m=c&p1=3666e8b2182d8249
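The indicators above are published defanged (hxxp, [.], [:]) so they cannot be clicked by accident. The following Python script is an added example, not part of the Rewterz advisory, showing how a defender would operationalise them: it refangs the URLs for matching against web-proxy logs, and hashes candidate APK files with MD5, SHA-1 and SHA-256 to compare against the listed digests. The log lines inside it are constructed sample data; the hash and URL values are taken from the advisory itself.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlparse

# Hash indicators from the advisory, normalised to lowercase hex.
IOC_HASHES = {
    "md5": {"e7caf25de7ce463a6f22ecb8689389ad"},
    "sha1": {"16b3487022b674040227afc8979ffedd2f70b67e"},
    "sha256": {"fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b"},
}

# URL indicators exactly as published (defanged).
IOC_URLS_DEFANGED = [
    "hxxp[:]//app[.]at-me[.]ml/index[.]php",
    "hxxp[:]//app[.]at-me[.]ml/index[.]php?m=c&p1=3666e8b2182d8249",
]


def refang(url):
    """Turn a defanged indicator back into a real URL string for matching."""
    return url.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")


IOC_URLS = {refang(u) for u in IOC_URLS_DEFANGED}
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}

# Crude URL extractor for whitespace-separated proxy log fields.
URL_RE = re.compile(r"https?://\S+")


def digests_of_bytes(data):
    """Compute all three advisory hash types over an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(digests):
    """Return the set of hash algorithms whose value matches an IoC."""
    return {alg for alg, value in digests.items()
            if value.lower() in IOC_HASHES.get(alg, set())}


def check_file(path):
    """Hash a file on disk (e.g. a quarantined APK) and report IoC matches."""
    return match_digests(digests_of_bytes(Path(path).read_bytes()))


def scan_proxy_log(lines):
    """Return (line_no, url, match_kind) for each line touching an IoC.

    match_kind is "url" for an exact URL hit and "host" when only the
    hostname matches (worth reviewing: same infrastructure, new path).
    """
    hits = []
    for n, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            if url in IOC_URLS:
                hits.append((n, url, "url"))
            elif urlparse(url).hostname in IOC_HOSTS:
                hits.append((n, url, "host"))
    return hits


# Constructed sample proxy log (not real traffic) for demonstration.
SAMPLE_LOG = """\
2021-06-08T09:12:01Z 10.0.0.21 GET http://example.org/index.html 200
2021-06-08T09:12:05Z 10.0.0.21 GET http://app.at-me.ml/index.php?m=c&p1=3666e8b2182d8249 200
2021-06-08T09:12:09Z 10.0.0.33 GET https://app.at-me.ml/other 404
""".splitlines()


if __name__ == "__main__":
    for line_no, url, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: {kind} match -> {url}")
```

Run `check_file("/path/to/suspect.apk")` against any APK recovered from a mailbox or device; a non-empty result means the sample is the one described here, while an empty result only means it is not this exact build, so host-level matches from `scan_proxy_log` remain the more durable signal.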
Remediation
- Keep your system and applications updated.
- It is always wise to install mobile applications only from trusted application stores.
- Enable two-factor authentication.