The North Korean state-sponsored threat operation Kimsuky, also known as Thallium, Velvet Chollima, and Black Banshee, has been using the FastFire, FastSpy, and FastViewer Android malware strains in attacks against South Korean individuals, according to The Hacker News.
Researchers from South Korean cybersecurity firm S2W discovered that FastFire and FastViewer impersonate a Google security plugin and "Hancom Office Viewer," respectively, while FastSpy is an AndroSpy-based remote access tool.
Both FastSpy and FastViewer abuse Android's accessibility API permissions, with FastSpy automating user clicks to grant itself more extensive permissions. Deployment of FastSpy could result in device takeover, collection of phone calls and text messages, and monitoring of the user's location, according to the report.
"Kimsuky group has continuously performed attacks to steal the target's information targeting mobile devices... In addition, various attempts are being made to bypass detection by customizing Androspy, an open source RAT," said the researchers, who urged increased vigilance against more sophisticated attacks targeting Android devices as Kimsuky evolves its targeting techniques.
This week, Dr. Doug raves about: 'The Orgy of the Walking Dead' or Elon is controlling my brain, Schoolyard Bully, Redigo, DuckLogs, DoD alphabet soup, Sirius XM, pixel tracking, TSA, single sign-on rants, and more on the Security Weekly News!
Novel DuckLogs malware-as-a-service detailed

More than 6,000 victims have been compromised by the new DuckLogs malware-as-a-service operation, whose platform is being leveraged by over 2,000 cybercriminals, according to BleepingComputer.
BleepingComputer reports that Redis servers that remain unpatched against CVE-2022-0543 are being compromised with the novel Go-based Redigo malware, which is not yet detected by any VirusTotal antivirus engine.