"RedEyes Hackers Use New Malware to Steal Data From Windows, Phones"
The APT37 threat group, also known as 'RedEyes' or 'ScarCruft,' targets individuals for intelligence collection using a new evasive malware called M2RAT together with steganography. APT37 is a North Korean hacking group believed to be state-sponsored. In 2022, the group was observed exploiting zero-day vulnerabilities in Internet Explorer and distributing a wide variety of malware to targeted organizations and individuals. The threat actors attacked EU-based companies with a new version of their 'Dolphin' backdoor, deployed a custom Remote Access Trojan (RAT) called 'Konni,' and targeted US journalists with a highly customizable malware dubbed 'Goldbackdoor.' In a new report, researchers at the AhnLab Security Emergency Response Center (ASEC) describe how APT37 is now deploying a new malware strain, M2RAT, which uses a shared memory section for command-and-control communication and data exfiltration and leaves very few traces on the infected system. This article continues to discuss the APT37 threat group's use of the new evasive M2RAT malware.
Bleeping Computer reports "RedEyes Hackers Use New Malware to Steal Data From Windows, Phones"