North Korean hackers use new KLogEXE and FPSpy malware in targeted attacks

SeniorTechInfo
KLogEXE and FPSpy Malware: New Threats Linked to North Korea

Sep 26, 2024 | Ravie Lakshmanan | Cyber Attack / Malware

Discover two new malware strains, KLogEXE and FPSpy, used by threat actors linked to North Korea.

These activities have been attributed to the Kimsuky adversary, known for its spear phishing tactics and evolving capabilities.

According to researchers at Palo Alto Networks Unit 42, which tracks the group as Sparkling Pisces, “These samples enhance Sparkling Pisces’ already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities.”


Unit 42’s analysis uncovered two new portable executables, KLogEXE and FPSpy, within Sparkling Pisces’ infrastructure.

KLogEXE, a C++ keylogger, and FPSpy, a backdoor variant, are used to gather sensitive data and execute malicious commands on compromised systems.

The malware strains are capable of collecting sensitive information, monitoring activities, and running arbitrary commands on infected machines.

Researchers also noted similarities in the source code of the two malware strains, indicating a high likelihood that they share the same author.

“Most targets observed originated from South Korea and Japan, aligning with previous Kimsuky targeting,” the researchers stated.
