North Korean advanced persistent threat group APT37, also known as Reaper, RedEyes, Scarcruft, and Ricochet Chollima, is leveraging numerous file formats to distribute malware, reports The Hacker News.
ASEC initially reported APT37 using Hangul Word Processor (HWP) files to deploy the M2RAT backdoor, but Zscaler researchers have since found the group distributing malware through macro-enabled Microsoft Office documents as well as Microsoft Compiled HTML Help (CHM), Windows shortcut (LNK), HTML Application (HTA), and Excel add-in (XLL) files.
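The practical takeaway for defenders is that none of these delivery formats should be identified by extension alone, since a shortcut or help file can be renamed to look like a document. The following triage helper is an added example, not code from the Zscaler or ASEC reports: it sniffs the real container type from well-known leading bytes (the OLE, zip, CHM "ITSF", PE "MZ" and LNK header signatures), checks OOXML zips for a vbaProject.bin part, and flags extension/content mismatches. The sample files at the bottom are constructed here for demonstration and are not real malware.

```python
"""Triage helper for the file formats APT37 is reported to deliver malware with.

Added example, not code from the Zscaler or ASEC reports. It identifies a file's
real container format from its leading bytes rather than trusting the extension,
and flags the risky combinations (macro-bearing Office documents, CHM, LNK, HTA,
XLL). The sample inputs at the bottom are constructed for demonstration.
"""
import io
import zipfile

# Well-known leading bytes of each container (assumption: standard signatures).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt (Compound File)
CHM_MAGIC = b"ITSF"                                 # Microsoft Compiled HTML Help
# LNK: HeaderSize 0x4C followed by the ShellLink CLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
PE_MAGIC = b"MZ"                                    # an .xll add-in is a native PE DLL
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.xlsm/...) is a zip


def sniff_container(data: bytes) -> str:
    """Return the container type implied by the leading bytes of *data*."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(CHM_MAGIC):
        return "chm"
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(PE_MAGIC):
        return "pe"
    if b"<hta:application" in data[:4096].lower():   # HTA files declare this element
        return "hta"
    return "unknown"


def ooxml_has_macro(data: bytes) -> bool:
    """True if an OOXML (zip) document carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> list:
    """Return human-readable findings for one file (empty list = nothing flagged)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_container(data)
    findings = []
    if kind == "lnk":
        findings.append("Windows shortcut (LNK) file")
    elif kind == "chm":
        findings.append("Compiled HTML Help (CHM) file")
    elif kind == "hta" or ext == "hta":
        findings.append("HTML Application (HTA) file")
    elif kind == "pe" and ext == "xll":
        findings.append("Excel add-in (XLL) native DLL")
    elif kind == "zip" and ooxml_has_macro(data):
        findings.append("Office document with embedded VBA macro")
    elif kind == "ole":
        findings.append("Legacy OLE Office document (inspect for VBA)")
    # A document-looking name over executable-ish content is the classic disguise.
    if ext in ("doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg") and kind in ("lnk", "chm", "pe", "hta"):
        findings.append(f"extension .{ext} does not match detected {kind} content")
    return findings


def build_macro_docx() -> bytes:
    """Construct a minimal OOXML zip carrying a vbaProject.bin part (sample data, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed samples: just enough bytes to exercise each branch.
SAMPLES = {
    "report.docm": build_macro_docx(),
    "manual.chm": CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 60,
    "invoice.pdf.lnk": LNK_MAGIC + b"\x00" * 40,
    "notice.doc": LNK_MAGIC + b"\x00" * 40,        # LNK disguised with a .doc name
    "update.hta": b"<html><hta:application id='x'/><script>x=1</script></html>",
    "addin.xll": PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
    "readme.txt": b"plain text, nothing to see",
}


def triage_all(samples=SAMPLES) -> dict:
    """Run triage over every sample and map filename -> findings."""
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(f"{name:18} {'; '.join(findings) or 'clean'}")
```

On a real mail gateway or file share this logic belongs in front of the document parser, not behind it: the point is to route LNK, CHM, HTA and XLL content to a quarantine or sandbox before any application opens it, regardless of what the filename claims.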
These lures have delivered the Chinotto malware, which has been updated to capture screenshots and log keystrokes, with the collected data exfiltrated to a remote server, according to the Zscaler report. The researchers noted that APT37's activity had evaded detection for more than two years.
"The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors," said researchers.