Kimsuky APT Group Distributes Fake Security App Disguised as KISA Security Program

2021-06-03, Cybleinc
https://cyble.com/blog/kimsuky-apt-group-distributes-fake-security-app-disguised-as-kisa-security-program/
#Kimsuky #AppleSeed

The North Korean advanced persistent threat (APT) group Kimsuky has been found distributing a fake Korean Internet and Security Agency (KISA) app via malicious emails. In a recent tweet, a mobile malware researcher shared information about a fake KISA vaccine or security Android app disguised as the KISA security program.
When the target downloads the implanted APK file from the email and installs the application on their device, the malicious code runs. It executes in the background without the target's knowledge and collects sensitive information from the device.
The Kimsuky group is a cyber espionage group with suspected ties to North Korea and is well known for its cyber terrorism attacks since 2014. The group, also referred to as Black Banshee, Thallium, and Velvet Chollima, continues to be involved in many spear phishing attacks. In addition to …
