A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear.
This includes the Autoit3.exe binary and an AutoIt script that’s launched using the former.
The Auto It script, for its part, performs process injection using a process hollowing technique, in which malicious code is inserted into a process that’s in a suspended state.
The attack has been loosely pinned on a North Korean nation-state actor named Kimsuky.
Earlier this February, Interlab also revealed that North Korean nations-state actors had targeted a journalist with Android malware dubbed RambleOn as part of a social engineering campaign.
SuperBear is similar to other recent malware discovered by the company.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply