North Korean malware uses new trick to avoid analysis and detection



News North Korean malware uses new trick to avoid analysis and detection Remote Access Trojan by DPRK-linked Konni hackers encrypts code with secret keys to frustrate cybersecurity researchers Nils Weisensee January 28, 2022 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON Wikimedia Commons via Santeri Viinamaki \| Artistic rendering of a trojan horse infection North Korean hackers have found a novel way to make recent malware significantly harder to analyze and detect, researchers at cybersecurity firm Malwarebytes told NK Pro on Friday, showcasing more advanced techniques to defeat antivirus software. According to Threat Intelligence Researcher Roberto Santos, new versions of a Remote Access Trojan (RAT) created by DPRK-linked cybercriminals have started using the service name of a process running on infected machines to encrypt and decrypt code and files related to the malware. Because the service name can change and is often unknown to researchers trying to analyze malicious code, it Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump. 02All the question marks hanging over Trump’s approach to North Korea in term two 03Time almost up for North Korea’s plan to launch 3 military satellites in 2024 04Trump return rekindles prospects of North Korea talks, but Russia stands in way 05How China could benefit from North Korea’s troop deployment to Ukraine 06New North Korean ICBM delivers big political message, and likely bigger payloads 07How North Korea-Russia ties will challenge next US president, no matter who wins 08What to make of the stunning collapse in value of North Korean won 09What to know about Kim Yong Bok, the man leading North Korean troops in Russia 10If Trump: How erratic leader’s reelection could scramble North Korea policy

News

North Korean malware uses new trick to avoid analysis and detection

Remote Access Trojan by DPRK-linked Konni hackers encrypts code with secret keys to frustrate cybersecurity researchers

Nils Weisensee January 28, 2022

North Korean malware uses new trick to avoid analysis and detection

Wikimedia Commons via Santeri Viinamaki | Artistic rendering of a trojan horse infection

North Korean hackers have found a novel way to make recent malware significantly harder to analyze and detect, researchers at cybersecurity firm Malwarebytes told NK Pro on Friday, showcasing more advanced techniques to defeat antivirus software.

According to Threat Intelligence Researcher Roberto Santos, new versions of a Remote Access Trojan (RAT) created by DPRK-linked cybercriminals have started using the service name of a process running on infected machines to encrypt and decrypt code and files related to the malware. Because the service name can change and is often unknown to researchers trying to analyze malicious code, it

01Yoon bet on US to deter North Korea. Now he faces an alliance skeptic in Trump.
02All the question marks hanging over Trump’s approach to North Korea in term two
03Time almost up for North Korea’s plan to launch 3 military satellites in 2024
04Trump return rekindles prospects of North Korea talks, but Russia stands in way
05How China could benefit from North Korea’s troop deployment to Ukraine
06New North Korean ICBM delivers big political message, and likely bigger payloads
07How North Korea-Russia ties will challenge next US president, no matter who wins
08What to make of the stunning collapse in value of North Korean won
09What to know about Kim Yong Bok, the man leading North Korean troops in Russia
10If Trump: How erratic leader’s reelection could scramble North Korea policy

North Korean malware uses new trick to avoid analysis and detection

LATEST ANALYSIS

Similar Articles

About the Author

Nils Weisensee