Kimsuky, a North Korean threat actor, has launched a campaign distributing Android malware called DocSwap through phishing sites and QR codes that mimic logistics services such as CJ Logistics. The malware combines RAT capabilities with credential theft and can perform extensive device monitoring, underscoring the campaign's sophisticated social engineering tactics. #Kimsuky #DocSwap #CJLogistics #AndroidMalware #RAT
Key points
- The attack involves QR codes and phishing sites mimicking logistics companies to distribute malware.
- Malware uses encrypted APKs and masquerades as legitimate shipment tracking apps to deceive victims.
- Once installed, the malware can remotely log keystrokes, access device features, and exfiltrate personal data from the device.
- The campaign includes credential harvesting phishing sites that target South Korean online platform users.
- The threat actor injects malicious functions into legitimate apps, complicating detection and attribution.
Read More: https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html