ScarCruft Uses New Information-Stealing Malware and Golang-Based Backdoor
Recent reports from AhnLab Security’s Emergency Response Center indicate that the North Korean threat actor ScarCruft has been using sophisticated malware to steal valuable information from its targets. This malware, which has previously undocumented wiretapping features, uses a backdoor written in Golang that exploits the Ably real-time messaging service.
New Information-Stealing Malware with Wiretapping Features
ScarCruft has been found to be using a new information-stealing malware with advanced wiretapping features. This malware is capable of intercepting audio conversations and stealing valuable information from its targets. The malware has been traced back to ScarCruft and appears to be the group’s latest effort to expand their cyber espionage campaign. The use of wiretapping features is a new tactic for the group and highlights their evolving capabilities.
Golang-Based Backdoor Exploits Ably Real-Time Messaging Service
In addition to the new information-stealing malware, ScarCruft has also developed a Golang-based backdoor that exploits the Ably real-time messaging service. This backdoor allows the group to send commands to the malware and receive stolen data securely, making it more difficult to detect their activities. This is a new tactic for the group, which previously used publicly available services to carry out their attacks.
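Because the command channel described above rides on a legitimate service, one defensive check is to find hosts that talk to Ably without a sanctioned reason. The following is an added example, not code from the original article or from AhnLab: the log format, host names and allowlist are constructed, and the Ably domain suffixes are an assumption to verify against Ably's documentation.

```python
# Added example: constructed DNS log lines, hypothetical host names and allowlist.
from collections import defaultdict

# Assumption: Ably client endpoints live under these suffixes; verify against Ably's docs.
ABLY_SUFFIXES = ("ably.io", "ably-realtime.com")
# Hypothetical inventory of hosts with a sanctioned business use of Ably.
APPROVED_HOSTS = {"web-app-01"}

# Constructed sample in "timestamp client qname" form (not real telemetry).
SAMPLE_LOG = """\
2023-06-20T09:00:01Z web-app-01 realtime.ably.io
2023-06-20T09:00:05Z hr-laptop-17 www.example.com
2023-06-20T09:02:11Z hr-laptop-17 realtime.ably.io
2023-06-20T09:02:41Z hr-laptop-17 rest.ably.io
2023-06-20T09:03:00Z fin-desktop-03 notably.io.example.net
2023-06-20T09:04:10Z fin-desktop-03 a.ably-realtime.com.
malformed line
"""

def is_ably(qname: str) -> bool:
    """Match the domain itself or a true subdomain, never a bare substring."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in ABLY_SUFFIXES)

def unexpected_ably_clients(log_text: str, approved=APPROVED_HOSTS) -> dict:
    """Return {host: sorted Ably names queried} for hosts outside the allowlist."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records rather than crash
        _, host, qname = parts
        if is_ably(qname) and host not in approved:
            hits[host].add(qname.rstrip(".").lower())
    return {h: sorted(names) for h, names in hits.items()}

if __name__ == "__main__":
    for host, names in unexpected_ably_clients(SAMPLE_LOG).items():
        print(f"review {host}: {', '.join(names)}")
```

A hit is a lead for review, not a verdict: Ably is a legitimate service, so the value comes from keeping the allowlist accurate.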
ScarCruft continues to be a threat to organizations and individuals alike. The group’s latest malware and backdoor developments highlight their ever-evolving tactics and growing capabilities. It is important for organizations to remain vigilant and take steps to protect themselves from these and other cyber threats.
Original Article: https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html