Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware
Author: Sebin, Lee & Yeongjae, Shin | S2W TALON
Last Modified: Oct 24, 2022
Executive Summary
- S2W’s threat research and intelligence center, Talon, recently identified three new types of malware that target Android devices.
- We named the malicious APKs FastFire, FastViewer, and FastSpy by combining ‘Fast’, which appears in their package name, with the characteristics of each sample.
- Our analysis of the APKs found a significant association with past campaigns attributed to the Kimsuky group.
- The FastFire malware is disguised as a Google security plugin, the FastViewer malware disguises itself as “Hancom Office Viewer”, and FastSpy is a remote access tool based on AndroSpy.
- All three APKs were recently confirmed to have been developed by the Kimsuky group, and FastViewer and FastSpy were actually used to attack South Koreans.
- Since Kimsuky group’s mobile targeting …
IoC
031BDE16D3B75083B0ADDA754AA982D4F6BD91E6B9D0531D5486DC139A90CE5A
1510780646E92CBEFC5FB4F4D7D2997A549058712A81553F90E197E907434672
23.106.122.16
3458daa0dffdc3fbb5c931f25d7a1ec0
38D1D8C3C4EC5EA17C3719AF285247CB1D8879C7CF967E1BE1197E60D42C01C5
539231DEA156E29BD6F7ED8430BD08A4E07BA330A9FAD799FEA45D9E9EED070C
59CB6BB54A6A222C863258BAF9EE2500A539B55411B468A3E672FE7B26166B98
5D56371944DEC9DA57DB95D0199DD920
8420236c32f0991feaa7869549abdb97
884FF7E3A3CEA5CE6371851F205D703E77ABC7D1427D21800A04A205A124B649
89f97e1d68e274b03bc40f6e06e2ba9a
9722107FFF4F3B2255556E0CF4D367CCB73305C34B1746BAED31B16899EEFC4B
AE7436C00E2380CDABBDCCCACF134B95DDBAF2A40483FA289535DD6207CC58CE
C038B20F104BE66550D8DD3366BF4474398BEEA330BD25DAC2BB2FD4B5377332
FDD0E18E841D3EC4E501DD8BF0DA68201779FD90237C1C67078D1D915CD13045
aefa23b91cc667be041cad40abbfa043
http://23.106.122.16
http://23.106.122.16/dash/index.php
http://23.106.122.16/dash/index.php?&ati=Kur-null_error_imei
http://23.106.122.16/dash/patch.php
http://goooglesecurity.com
http://goooglesecurity.com/fkwneovjubske4gv/android/fcm.html
http://mc.pzs.kr/themes/mobile/images/about/temp/android/daum.html
http://mc.pzs.kr/themes/mobile/images/about/temp/android/facebook.html
http://mc.pzs.kr/themes/mobile/images/about/temp/android/naver.html
http://navernnail.com
http://navernnail.com/fkwneovjubske4gv/android/daum.html
http://navernnail.com/fkwneovjubske4gv/android/facebook.html
http://navernnail.com/fkwneovjubske4gv/android/naver.html