The North Korean state-sponsored hacking group APT37, also known as ScarCruft, has made a comeback with the release of a new piece of malware, FadeStealer. The malware’s wiretapping feature allows the threat actor to listen in through victims’ microphones. According to ASEC researchers, FadeStealer was initially discovered in May and was seen being distributed together with a Golang-based backdoor that abuses the Ably platform.
The backdoor is believed to have been spread in its initial stages through phishing emails that included password-protected Word and Hangul Word Processor documents as well as CHM files. In addition to being able to listen in on victims’ private conversations, the spyware can steal a wide range of data from Windows systems, including data from removable media devices, screenshots, and keystroke logs.