VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group
While monitoring Kimsuky-related malware, the ASEC analysis team recently discovered that VNC malware was being installed through the AppleSeed remote-control malware.
VNC (Virtual Network Computing) is a screen-sharing system for remotely controlling other computers. Like the more commonly used RDP, it is used to remotely access and control other systems.
After the initial compromise, the Kimsuky group installs the AppleSeed backdoor on the target system and then uses AppleSeed to additionally install VNC malware, ultimately allowing it to control the target system in a graphical environment. One of the VNC malware variants installed this way is TinyNuke.
1. TinyNuke (HVNC)
TinyNuke, also known as Nuclear Bot, is banking malware discovered in 2016 that includes features such as HVNC (HiddenDesktop/VNC), a reverse SOCKS4 proxy, and form grabbing. Because its source code was revealed in 2017, TinyNuke has been used by various attackers, and its HVNC and reverse SOCKS4 proxy features are partially borrowed …