A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The attack includes the Autoit3.exe binary and an AutoIt script that's launched using the former. The AutoIt script, for its part, performs process injection using a process hollowing technique, in which malicious code is inserted into a process that's in a suspended state. The attack has been loosely pinned on a North Korean nation-state actor named Kimsuky. Earlier this February, Interlab also revealed that North Korean nation-state actors had targeted a journalist with Android malware dubbed RambleOn as part of a social engineering campaign. SuperBear is similar to other recent malware discovered by the company.