A new malware campaign has been identified targeting South Korean PC users through emails that impersonate Microsoft’s security team. This spear-phishing attack, revealed by cybersecurity experts, involves fake security notices about repeated one-time passcode generation, creating anxiety about potential account breaches. The goal is to trick users into downloading malicious attachments. The malware, known as NarwhalRAT, is a remote access Trojan associated with the North Korean hacking group APT37. Once installed, it allows attackers to remotely control various PC functions, such as file transfers, microphone recording, and keystroke logging. This attack mirrors tactics used by the same group with a Python-based backdoor discovered last year. Experts recommend enhancing behavior-based detection systems to identify abnormal activities, as similar attacks may continue to evolve.

