New EndClient RAT Targeting Human Rights Defenders

Source: Cyber Security News

A newly identified Remote Access Trojan named EndClient RAT, linked to the Kimsuky group, poses a serious threat to human rights activists in North Korea. The malware uses stolen code-signing certificates to evade traditional antivirus systems, showcasing a significant evolution in malware tactics. The threat was first revealed when a North Korean human rights activist reported suspicious account activity, leading to investigations that disclosed its extensive operational capabilities.

The attackers used a fraudulent Microsoft Installer package labeled “StressClear.msi,” which had been falsely signed using credentials from a legitimate company, demonstrating a high level of deception. Through targeted social engineering, they directed victims to download and install the malware, affecting at least 40 individuals within the human rights community. Notably, the malware includes a legitimate banking authentication module as a decoy, further complicating detection efforts.

Once executed, the RAT establishes itself persistently on the victim’s system through scheduled tasks and adaptive evasion tactics, including polymorphic variations when certain antivirus software is detected. This highlights a sophisticated understanding of Windows internals while emphasizing the urgent need for enhanced security measures to combat such increasingly complex threats.
