  • Previously unknown Android spyware targets South Korean journalists

    North Korean government hackers are spying on South Korean journalists using an infected Android app as part of a social engineering campaign. This was reported by the South Korean non-profit organization Interlab, which discovered new malware called RambleOn.

    The application gives access to the target's contact list, SMS messages, voice calls, location and other data. The spyware masquerades as the anonymous Fizzle messenger (ch.seme), but actually acts as a conduit for delivering the next-stage payload hosted on pCloud and Yandex.

    The app was reportedly sent as an APK file via the Chinese messenger WeChat on December 7, 2022 to a South Korean journalist under the pretext of wanting to discuss a sensitive topic.

    The main purpose of RambleOn is to function as a downloader for another APK file (com.data.WeCoin), and to request permissions to collect files, access call logs, intercept SMS messages, record audio, and read location data. The secondary payload opens a channel to access the infected Android device using the secure Firebase Cloud Messaging (FCM) service as a command and control (C2, C&C) server.

    Interlab found overlaps in FCM functionality between RambleOn and FastFire, Android spyware that South Korean cybersecurity researchers have attributed to the Kimsuky group. In addition, the group's victimology is very closely aligned with the working methods of the APT37 group.

    Author DeepWeb