lazarusholic

Everyday is lazarus.dayβ

DPRK DriverEasy & ChromeUpdate Deep Dive

2025-02-19, Kandji
https://www.kandji.io/blog/drivereasy
#ContagiousInterview #DriverEasy

Contents

DPRK DriverEasy & ChromeUpdate Deep Dive
Over the last few months, several Swift applications have been attributed to the North Korean Contagious Interview campaign. These applications are presented to victims as part of a fake job interview process. SentinelOne recently published a blog post on “Flexible Ferret” and other related applications, including two named ChromeUpdate (originally covered by dmpdump in their blog post) and CameraAccess. Moonlock Lab also recently covered the ChromeUpdate and CameraAccess applications in a blog post that gave an overview of what they do.
In this article, we take a deep dive into another related application named DriverEasy, which was recently uploaded to VirusTotal, to understand how it works and to compare it with the other two DPRK-attributed applications.
Analysis Summary
The application, DriverEasy.app, is written in Swift/Objective-C and is designed to capture the user’s password while posing as a Google application. After an error prompt …

IoC
