Feb 6, 11:08 AM

Kimsuky Hacking Group Deploys 'forceCopy' Malware; 'FlexibleFerret' Targets MacOS Since Nov 2023

In recent developments concerning cybersecurity, the North Korean hacking group Kimsuky has been linked to the deployment of a new malware strain named 'forceCopy.' This malware is designed to target browser-stored credentials and is disseminated through spear-phishing emails that trick victims into opening disguised Windows shortcut files. The malware download is triggered via PowerShell and mshta.exe, leading to deeper system infiltration. Additionally, another malware called 'FlexibleFerret' has been discovered, targeting MacOS systems as part of a broader campaign that has been active since November 2023 and currently evades Apple's XProtect detection. The ongoing threat landscape also includes the use of fake Google Chrome sites to distribute 'ValleyRAT' malware via DLL hijacking. These developments highlight the evolving tactics employed by cybercriminals, particularly in targeting educational institutions and exploiting insider threats through credential theft and ransomware attacks.

#North Korean #Kimsuky #Windows #PowerShell #FlexibleFerret #MacOS #Apple #XProtect #Google Chrome #ValleyRAT

Written with ChatGPT (GPT-4o mini).

Kimsuky Hacking Group Deploys 'forceCopy' Malware; 'FlexibleFerret' Targets MacOS Since Nov 2023

Sources

Additional media

Similar Stories