    Previously unknown Android spyware targets South Korean journalists

    North Korean government hackers spy on South Korean journalists using an infected Android app as part of a social engineering campaign. This was reported by the South Korean non-profit organization Interlab, which discovered a new malware called RambleOn.

    The application gives access to the target's contact list, SMS messages, voice calls, location and other data. The spyware masquerades as the anonymous Fizzle messenger (ch.seme), but actually acts as a conduit for delivering the next-stage payload hosted on pCloud and Yandex.

    The app was reportedly sent as an APK file over the Chinese messenger WeChat on December 7, 2022 to a South Korean journalist under the pretext of wanting to discuss a sensitive topic.

    The main purpose of RambleOn is to function as a downloader for another APK file (com.data.WeCoin) and to request permissions to collect files, access call logs, intercept SMS messages, record audio, and read location data. The secondary payload opens a channel to the infected Android device, using the Firebase Cloud Messaging (FCM) service as a command and control (C2, C&C) channel.
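
For defenders triaging a sideloaded APK, the behaviour described above (a downloader that requests broad data-collection permissions and receives commands over FCM) can be checked from the app's manifest. The following is an added example, not code from Interlab or from the article: it assumes the manifest has already been decoded to text XML, and the mapping from the listed capabilities to Android permission names, the `min_caps` threshold and the sample manifest are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
REPORTED_PACKAGES = {"ch.seme", "com.data.WeCoin"}  # package names from the article
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"  # intent action of an FCM receiver service
P = "android.permission."
# Assumed mapping from the capabilities the article lists to Android permissions.
CAPABILITIES = {
    "contacts": {P + "READ_CONTACTS"},
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "call_log": {P + "READ_CALL_LOG"},
    "audio": {P + "RECORD_AUDIO"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "files": {P + "READ_EXTERNAL_STORAGE", P + "MANAGE_EXTERNAL_STORAGE"},
}
INSTALL = P + "REQUEST_INSTALL_PACKAGES"  # needed to install a downloaded APK

def triage_manifest(xml_text, min_caps=3):
    """Return package, matched capabilities and the reasons a manifest deserves review."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    caps = sorted(c for c, perms in CAPABILITIES.items() if perms & requested)
    uses_fcm = any(a.get(ANDROID + "name") == FCM_ACTION for a in root.iter("action"))
    reasons = []
    if package in REPORTED_PACKAGES:
        reasons.append("package name reported for this campaign")
    if len(caps) >= min_caps and INSTALL in requested:
        reasons.append("can install further APKs and holds broad data-collection permissions")
    if len(caps) >= min_caps and uses_fcm:
        reasons.append("FCM receiver combined with broad data-collection permissions")
    return {"package": package, "capabilities": caps, "reasons": reasons}

# Constructed sample manifest (not taken from a real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chatdemo">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".PushService" android:exported="false">
      <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
    </service>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Legitimate messengers can match the same permission pattern, so a hit is a reason to inspect the APK further, not a verdict.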

    Interlab found overlaps in FCM functionality in the RambleOn and FastFire campaigns, part of Android spyware that South Korean cybersecurity researchers have attributed to the Kimsuky group. In addition, the group's victimology is very closely aligned with the working methods of the APT37 group.

    Author DeepWeb