FastViewer Variant Merged with FastSpy and disguised as a Legitimate Mobile Application
Author: Youngjae Shin, Sebin Lee | BLKSMTH
Last Modified : Oct 30, 2023
Executive Summary
- The S2W Threat Analysis team recently hunted and analyzed a new FastViewer sample from the North Korea-linked Kimsuky APT group and found that the group appears to be using a variant of FastViewer.
— Past FastViewer and FastSpy analysis reports: (2022-10-24) Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
- The variant has been in use since at least July 2023 and, like the initial version, induces installation by distributing repackaged APKs that embed malicious code in legitimate apps.
— The package name, app name, icon, and some features are identical to those of the legitimate app.
- The exact distribution route of the malicious app has not been identified, but it is believed to be the same as last year, disguised as …
IoC
MD5
02dd6e7a49138d4fe7c4a8cd920afb21
0a3fe48c8ff1f7c50c22accfc5185d42
1315ac032903371e6e1be2f06875c117
536e736ea4009376f60f77f044461bee
72587b3da56546285496198af6c67809
7ced6bf0f2e26716a0ed64238425e29f
a7412db9b5bcf564d66b2babdc26aa39
a810fafd4b6ac524ce032896c295f37b
d1af9d1d4580e4a578f10b9515963545
d66aeb492dec0c88d447711017458182
dec2ca08aa5abbc4d0e20ab67aa26e5d
f1570d3c0974968d3c7acaa268d36497
f334167b35ae5b6e1166819f98e77c90
IP address
144.76.109.61
URL
http://144.76.109.61
http://144.76.109.61/dash/index.php?ati=
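The list above is flat and unlabelled, so a defender ingesting it has to sort hashes from network indicators before matching. The following is an added example (not S2W's tooling and not part of the report): it classifies the report's indicators by syntax, hashes files against the listed MD5s, and scans proxy log lines for the listed IP and URLs, preferring the longer URL over the bare host and refusing near-miss IPs such as 144.76.109.610. The indicator values are the ones listed in the IoC section; the proxy log lines and file contents are constructed for the example.

```python
import hashlib
import re

# Indicators exactly as listed in the report's IoC section (MD5, IP, URL).
REPORT_IOCS = """
02dd6e7a49138d4fe7c4a8cd920afb21
0a3fe48c8ff1f7c50c22accfc5185d42
1315ac032903371e6e1be2f06875c117
144.76.109.61
536e736ea4009376f60f77f044461bee
72587b3da56546285496198af6c67809
7ced6bf0f2e26716a0ed64238425e29f
a7412db9b5bcf564d66b2babdc26aa39
a810fafd4b6ac524ce032896c295f37b
d1af9d1d4580e4a578f10b9515963545
d66aeb492dec0c88d447711017458182
dec2ca08aa5abbc4d0e20ab67aa26e5d
f1570d3c0974968d3c7acaa268d36497
f334167b35ae5b6e1166819f98e77c90
http://144.76.109.61
http://144.76.109.61/dash/index.php?ati=
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def classify_iocs(text):
    """Sort a flat, unlabelled IoC list into md5 / ip / url buckets by syntax."""
    buckets = {"md5": set(), "ip": set(), "url": set()}
    for line in text.splitlines():
        token = line.strip()
        if not token:
            continue
        if MD5_RE.match(token.lower()):
            buckets["md5"].add(token.lower())
        elif IPV4_RE.match(token):
            buckets["ip"].add(token)
        elif token.lower().startswith(("http://", "https://")):
            buckets["url"].add(token)
    return buckets


def scan_files(files, iocs):
    """files: {name: bytes}. Return the names whose MD5 matches a listed hash."""
    return sorted(name for name, data in files.items()
                  if hashlib.md5(data).hexdigest() in iocs["md5"])


def scan_proxy_log(lines, iocs):
    """Return (line_number, indicator) for each line containing a listed URL
    (longest URL checked first, so the /dash/index.php path beats the bare host)
    or a listed IP delimited so that 144.76.109.61 does not match 144.76.109.610."""
    urls = sorted(iocs["url"], key=len, reverse=True)
    ip_patterns = [(ip, re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])"))
                   for ip in iocs["ip"]]
    hits = []
    for n, line in enumerate(lines, 1):
        matched = next((u for u in urls if u in line), None)
        if matched is None:
            matched = next((ip for ip, pat in ip_patterns if pat.search(line)), None)
        if matched is not None:
            hits.append((n, matched))
    return hits


# Constructed sample proxy log (not from the report); only lines 1 and 3 touch IoCs.
SAMPLE_LOG = [
    "2023-10-01T09:12:44Z 10.0.0.7 GET http://144.76.109.61/dash/index.php?ati=abc 200",
    "2023-10-01T09:13:02Z 10.0.0.8 GET https://example.org/index.html 200",
    "2023-10-01T09:14:10Z 10.0.0.9 CONNECT 144.76.109.61:443 200",
    "2023-10-01T09:15:30Z 10.0.0.9 CONNECT 144.76.109.610:443 200",
]

if __name__ == "__main__":
    iocs = classify_iocs(REPORT_IOCS)
    print(len(iocs["md5"]), "hashes,", len(iocs["ip"]), "ip,", len(iocs["url"]), "urls")
    for n, indicator in scan_proxy_log(SAMPLE_LOG, iocs):
        print(f"line {n}: {indicator}")
```

Hash matching only catches the exact samples in the list; because the repackaged APKs copy the package name, app name and icon of the legitimate app, a more durable device-side check is to compare the installed package's signing certificate with the legitimate publisher's, which a repackager cannot reproduce.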