USE CASES

A Fake PDF Could Cost You Everything

Clicking what looks like a PDF can silently launch an HTA (HTML Application) file that runs KimJongRAT’s Stealer Module, malware specifically designed to steal passwords, emails, FTP credentials, and keystrokes. Its Orchestrator Module exfiltrates the stolen data, all while decoy PDFs are shown to distract you. Attackers rely on loaders or PowerShell scripts that work in the background.

Inovasys has proactively incorporated this advanced tactic into our active defense systems, reinforced through our cybersecurity and cyber defense services, ensuring our clients’ data remains secure. Inovasys gives clients dominance over threats, acceptance of advanced defense strategies, and the opportunity to operate fearlessly.

 

The malware is specifically engineered to harvest critical data, including passwords, email credentials, FTP client details, and keystrokes. It also targets information from popular web browsers, and it can even exfiltrate data from cryptocurrency wallet extensions.

 

Beyond its stealer capabilities, the malware often includes a powerful Orchestrator Module. This component is a backdoor that provides attackers with persistent remote control over the compromised machine. It is responsible for gathering collected data and exfiltrating it to a remote command and control (C2) server. To avoid detection, the attackers use a legitimate content delivery network (CDN) to host their malicious payloads and employ obfuscation techniques like XOR and RC4 encryption for their communications. The entire attack chain is designed for stealth, allowing the threat actors to maintain a foothold on the system for long periods.
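
For defenders, the chain described above (an HTA that starts a background script while a decoy PDF opens) can be looked for in process-creation telemetry. The following is an added example, not code from Inovasys or from the original page; the event field names, the `reader.exe` viewer and all sample events are assumptions constructed for illustration.

```python
# Added example; every event in SAMPLE_EVENTS is constructed, not real telemetry.
from collections import defaultdict
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

def _name(image):
    return PureWindowsPath(image).name.lower()

def find_hta_chains(events):
    """Return one finding per mshta.exe process whose descendants include a script host."""
    children = defaultdict(list)
    for ev in events:
        children[ev["ppid"]].append(ev)

    def descendants(pid, seen):
        for child in children.get(pid, []):
            if child["pid"] not in seen:  # guard against cycles from PID reuse
                seen.add(child["pid"])
                yield child
                yield from descendants(child["pid"], seen)

    findings = []
    for ev in events:
        if _name(ev["image"]) != "mshta.exe":  # mshta.exe is the Windows HTA host
            continue
        desc = list(descendants(ev["pid"], {ev["pid"]}))
        hosts = sorted({_name(d["image"]) for d in desc} & SCRIPT_HOSTS)
        if hosts:
            # A PDF opened inside the same process tree is treated as a likely decoy.
            decoy = any(d["cmdline"].lower().rstrip('"').endswith(".pdf") for d in desc)
            findings.append({"mshta_pid": ev["pid"], "hta_source": ev["cmdline"],
                             "script_hosts": hosts, "decoy_pdf_opened": decoy,
                             "severity": "high" if decoy else "medium"})
    return findings

def _ev(pid, ppid, image, cmdline):
    return {"pid": pid, "ppid": ppid, "image": image, "cmdline": cmdline}

SAMPLE_EVENTS = [  # constructed; reader.exe is a hypothetical PDF viewer
    _ev(200, 100, r"C:\Windows\System32\mshta.exe", "mshta.exe https://cdn.example.invalid/doc.hta"),
    _ev(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        r"powershell.exe -WindowStyle Hidden -File C:\Users\u\AppData\Local\Temp\s.ps1"),
    _ev(400, 300, r"C:\Program Files\Reader\reader.exe", r"reader.exe C:\Users\u\Downloads\decoy.pdf"),
    _ev(500, 100, r"C:\Windows\System32\mshta.exe", r"mshta.exe C:\Tools\inventory.hta"),  # no children
    _ev(600, 100, r"C:\Program Files\Reader\reader.exe", r"reader.exe C:\Users\u\report.pdf"),  # user-opened
]

if __name__ == "__main__":
    for finding in find_hta_chains(SAMPLE_EVENTS):
        print(finding)
```

Only the tree rooted at PID 200 is reported; the HTA with no child processes and the PDF opened directly by the user are not.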

 

Learn more about our defense strategies on EDI.


Inovasys, founded in 2014, has been a leader in providing advanced technology solutions. By 2020, it became known as a service provider. The company aims to be the best partner for businesses looking to improve their operations with digital technology.
