North Korean hacking group Kimsuky is changing its tactics, using the Remote Desktop Protocol (RDP) and proxy tools rather than traditional backdoors to take over systems. This approach is designed to enhance stealth and maintain persistence. The cyberespionage group delivers its malware through spear-phishing emails containing disguised .LNK shortcut files. A modified version of the RDP Wrapper utility is used to bypass malicious file detection, while proxy tools facilitate access to private networks. Targets are mainly South Korean organizations, but also include organizations in the US, Japan, and Germany.
Mandiant partners with Android team to tackle concealed malware
Mandiant and the Android Security and Privacy Team have worked together to enhance open-source binary analysis tool capa to detect Android malware hidden within native