RedEyes hackers use new malware to steal data from Windows, phones


The APT37 threat group is using a new, evasive malware named “M2RAT” together with steganography to target individuals for intelligence gathering. APT37, also known as “RedEyes” or “ScarCruft,” is a North Korean hacking group said to be funded by the government.

In 2022, the group was observed exploiting Internet Explorer zero-day vulnerabilities to distribute a wide range of malware against selected companies and individuals. In a new report published today, researchers at AhnLab Security Emergency response Center (ASEC) describe how APT37 is now deploying a new malware strain named “M2RAT,” which uses a shared memory region for instructions and data exfiltration and leaves very few operational traces on the compromised computer.
