Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans
2022-10-26 15:50

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart.

That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy.

"The FastFire malware is disguised as a Google security plugin, and the FastViewer malware disguises itself as 'Hancom Office Viewer,' [while] FastSpy is a remote access tool based on AndroSpy," researchers Lee Sebin and Shin Yeongjae said.

FastFire, FastViewer, and FastSpy are the latest additions to Kimsuky's evolving Android malware arsenal and are designed to receive commands from Firebase and download additional payloads.

S2W's attribution of the malware to Kimsuky is based on overlaps with a server domain named "Mc.pzs[.]kr," which was previously employed in a May 2022 campaign identified as orchestrated by the group to distribute malware disguised as North Korea-related press releases.

"Since Kimsuky group's mobile targeting strategy is getting more advanced, it is necessary to be careful about sophisticated attacks targeting Android devices."


News URL

https://thehackernews.com/2022/10/kimsuky-hackers-spotted-using-3-new.html