APT37 targets journalists with Chinotto multi-platform malware
2021-11-29 13:43

North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists through watering hole attacks, spear-phishing emails, and smishing attacks that deliver malware dubbed Chinotto, which is capable of infecting Windows and Android devices.

Chinotto, the malware deployed in their most recent campaign discovered by Kaspersky security researchers, allows the hacking group to control compromised devices, spy on their users via screenshots, deploy additional payloads, harvest data of interest, and upload it to attacker-controlled servers.

"We suspect this host was compromised on March 22, 2021. [...] The malware operator later delivered the Chinotto malware in August 2021 and probably started to exfiltrate sensitive data from the victim," Kaspersky said.

Chinotto is highly customizable malware, as shown by the many variants found while analyzing the campaign, sometimes with several payloads deployed on the same infected devices.

"The malware authors keep changing the capabilities of the malware to evade detection and create custom variants depending on the victim's scenario," the researchers said.

"We may presume that if a victim's host and mobile are infected at the same time, the malware operator is able to overcome two-factor authentication by stealing SMS messages from the mobile phone."


News URL

https://www.bleepingcomputer.com/news/security/apt37-targets-journalists-with-chinotto-multi-platform-malware/