Konni remote access Trojan receives 'significant' upgrades

The Konni Remote Access Trojan (RAT) has recently received “significant” updates, according to researchers, who also urge the community to keep a close eye on the malware.

On Wednesday, cybersecurity firm Malwarebytes published an advisory on the malware’s latest developments, noting that the Trojan is under active development, resulting in “major” changes.

Konni has been detected in the wild for roughly eight years. A report on the malware published by BlackBerry in 2017 said that the malware made use of “basic” anti-analysis techniques and was employed for surveillance purposes, rather than the typical financial attacks often linked to RATs. 

Past campaigns have hinted strongly at a link with North Korea. Phishing documents used to spread the Trojan tend to have themes connected to the Hermit Kingdom, including content relating to missile capabilities, hydrogen bombs, and articles copied from the Yonhap news agency that talked about the country.

The attached documents contained the payload, and once executed on a vulnerable Windows machine, Konni would gather data through file grabs, keystroke logs, and screen capturing. 

Konni is believed to be the work of the Kimsuky threat group, which has attacked South Korean think tanks, political groups in Russia, and entities in both Japan

Read More: https://www.zdnet.com/article/konni-remote-access-trojan-receives-significant-upgrades/#ftag=RSSbaffb68