Windows systems are being targeted with the advanced KimJongRAT malware linked to North Korean state-sponsored advanced persistent threat operation Kimsuky via malicious HTA files, according to GBHackers News.Attackers distribute phishing emails with a ZIP archive purporting to be a tax notice that includes an LNK file masquerading as a tax notice PDF document, which when run leverages mshta for Base64-encoded URL encoding and the eventual activation of the HTA file, a report from ESTsecurity showed. Execution of the HTA file prompts additional illicit file and decoy document downloads, with the payloads deployed depending on the operation of security software.While Windows Defender disablement allows the downloading of a log file that facilitates not only the exfiltration of system data, browser storage details, and browser encryption keys, but also of cryptocurrency wallet details, Discord credentials, and Telegram accounts, activation of Windows Defender enables similar data gathering activity but with increased persistence.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




