Attacks with the new EndClient RAT trojan have been launched by Kimsuky-linked threat actors against North Korean human rights defenders since September, GBHackers News reports.After wiping an activist's Android device with EndClient RAT distributed through a "StressClear.msi"-spoofing Microsoft Installer package, hackers proceeded to compromise their KakaoTalk account to facilitate the deployment of the backdoor to 39 other targets, according to a report from 0x0v1.Execution of EndClient RAT, which has been signed with a stolen Chengdu Huifenghe Science and Technology Co. Ltd. certificate, triggers multiple anti-analysis capabilities, including the creation of polymorphic file mutations to obscure itself from Avast software.Aside from using various mechanisms for persistence, EndClient RAT enables remote shell command execution, system data gathering, and file transfers, said researchers. Organizations have been urged to defend themselves from the threat of EndClient RAT through highly focused threat hunting operations and increased vigilance on MSI files.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




