Security News > 2023 > February > New WhiskerSpy malware delivered via trojanized codec installer
Security researchers have discovered a new backdoor called WhiskerSpy used in a campaign from a relatively new advanced threat actor tracked as Earth Kitsune, known for targeting individuals showing an interest in North Korea.
The new operation was discovered at the end of last year by researchers at cybersecurity company Trend Micro, who have been tracking Earth Kitsune activity since 2019.
According to Trend Micro, WhiskerSpy was delivered when visitors tried to watch videos on the website.
The attacker compromised the website and injected a malicious script that asked the victim to install a video codec for the media to run.
To avoid suspicions, the threat actor modified a legitimate codec installer so that it ultimately loaded "a previously unseen backdoor" on the victim's system.
In reality, the codec is an MSI executable that installs on the victim's computer shellcode that triggers a series PowerShell commands that lead to deploying the WhiskerSpy backdoor.