Trojan.KonniRat

Security researchers classify the Trojan.KonniRat or KONNI as a Remote Access Trojan (RAT), which was performing its activities in the computers' backgrounds for more than three years without been detected. Looks like that the reduced number of KONNI victims was a key factor for its undetected activities. To make way for introducing KONNI into a computer, its controllers send an email to their targets containing a corrupted .scr file that, when opened, will display an official paper, which the user will want to read. However, while the document is read, the malware will be installed on the victim's machine. Kooni, in its initial attacks, was focused on collecting information. However, like other threats, Kooni was updated, and new features were added to its initial payload. Kooni activities started in 2014, but only in 2017, it appeared on security specialists reports. The attacks performed in 2017 allowed the attackers to run random code on the infected machine., register keystrokes, collect files and take screenshots and can attack the same victim numerous times. Recent attacks by KONNI were focused on North Korea, and KONNI may be connected to another threat named DarkHotel since it targets government representatives related to North Korea.

KONNI, as well as other threats used to attack North Korea, has drawn a lot of attention from the public, security researchers especially due to their efforts to combat them. However, malware developers always find a way to improve their creations and bypass security community efforts. However, computer users that follow security recommendations provided by malware specialists and have strong security software installed and executing will be less prone to infections like KONNI.