North Korean Hackers Exploit Antivirus Flaw to Spread Malware for Five Years

April 24, 2024
  • North Korean hackers tampered with eScan antivirus software updates, which were delivered over unencrypted HTTP, to install the GuptiMiner malware.

  • The sophisticated attack used DLL hijacking, custom DNS, and IP masking, focusing on Windows 7 and Server 2008 systems.

  • GuptiMiner's installation also included a cryptocurrency miner, possibly as a distraction from the primary malware activities.

  • Security researchers suggest ties between the GuptiMiner malware and the North Korean APT group Kimsuky.

  • eScan has patched the update vulnerability and improved its security, though GuptiMiner infections persist, suggesting some systems remain unpatched.

  • Avast has published a GitHub page listing indicators of compromise, and users are advised to scan their systems for infections.

Summary based on 2 sources
