Security News > 2023 > June > APT37 hackers deploy new FadeStealer eavesdropping malware
The North Korean APT37 hacking group uses a new 'FadeStealer' information-stealing malware containing a 'wiretapping' feature, allowing the threat actor to snoop and record from victims' microphones.
In a new report from the AhnLab Security Emergency Response Center, researchers provide information on new custom malware dubbed 'AblyGo backdoor' and 'FadeStealer' that the threat actors use in cyber espionage attacks.
The backdoor is used to deploy an additional GoLang backdoor used in the later stages of the attack to conduct privilege escalation, data theft, and the delivery of further malware.
Ultimately, the backdoors deploy a final payload in the form of 'FadeStealer,' an information-stealing malware capable of stealing a wide variety of information from Windows devices.
APT37 is not the only North Korean threat actor utilizing CHM files to deploy malware.
ASEC also reported today that the Kimsuky state-sponsored hacking group is utilizing CHM files in phishing attacks to deploy malicious scripts that steal user information and install additional malware.
News URL
Related news
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)