Information security
from The Hacker News, 1 week ago
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
APT37 employs social engineering on Facebook to deliver RokRAT via a compromised PDF viewer.
The digital missive carries a ZIP archive attachment containing a Windows shortcut (LNK) masquerading as a PDF document, which, when opened, launches the newsletter as a decoy while dropping RokRAT on the infected host. RokRAT is known malware associated with APT37, capable of collecting system information, executing arbitrary commands, enumerating the file system, capturing screenshots, and downloading additional payloads. The gathered data is exfiltrated via Dropbox, Google Cloud, pCloud, and Yandex Cloud.