lazarusholic

Everyday is lazarus.day

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

2022-11-30, ESET
https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/
#ScarCruft #Dolphin

Contents

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
ESET researchers have analyzed a previously unreported backdoor used by the ScarCruft APT group. The backdoor, which we named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices and exfiltrating files of interest, keylogging and taking screenshots, and stealing credentials from browsers. Its functionality is reserved for selected targets, to which the backdoor is deployed after initial compromise using less advanced malware. In line with other ScarCruft tools, Dolphin abuses cloud storage services – specifically Google Drive – for C&C communication.
During our investigation, we saw continued development of the backdoor and attempts by the malware authors to evade detection. A notable feature of earlier Dolphin versions we analyzed is the ability to modify the settings of victims’ signed-in Google and Gmail accounts to lower their security, most likely to maintain access …

IoC

21CA0287EC5EAEE8FB2F5D0542E378267D6CA0A6
2C6CC71B7E7E4B28C2C176B504BC5BDB687C4D41
5B70453AB58824A65ED0B6175C903AA022A87D6A
D9A369E328EA4F1B8304B6E11B50275F798E9D6B
F9F6C0184CEE9C1E4E15C2A73E56D7B927EA685B