ScarCruft is a newly emerging, high-profile threat actor from North Korea. The group is also known as APT37 (Advanced Persistent Threat). Cybersecurity researchers believe that ScarCruft is likely funded directly by the North Korean government and is used as a weapon against foreign governments and officials. Most of APT37's targets appear to be South Korean individuals in positions of importance or power. The ScarCruft hacking group has a long list of hacking tools, among them the DOGCALL backdoor Trojan. The first campaign in which the DOGCALL Trojan was used took place in August 2016.
Targeted Military and Government Institutions in South Korea
In 2017, APT37 launched an operation targeting government bodies and military institutions located in South Korea. One of the tools used in this infamous campaign was the DOGCALL backdoor Trojan. The attackers propagated it through spam emails with a fake Microsoft Office document attached. The DOGCALL Trojan's payload is executed as soon as a segment of obfuscated shellcode decrypts it.
The ScarCruft hacking group is known for preferring stealth over brute force, and the DOGCALL Trojan follows the same approach: it is meant to infiltrate the host and operate quietly, giving the attackers silent access to the system over a prolonged period. The DOGCALL backdoor Trojan is capable of:
- Executing a keylogging module.
- Taking screenshots of open tabs and the desktop of the victim.
- Executing remote commands.
The DOGCALL Trojan is capable of detecting whether it is being run in a malware debugging environment, which makes the job of malware researchers more difficult but not impossible. APT37 is known to have used another of its hacking tools, the RUHAPPY wiper, in combination with the DOGCALL Trojan.
For a while, the only hacking group known to hail from North Korea was Lazarus. However, the ScarCruft APT has been making the headlines recently, and the fact that the North Korean government funds them is enough to make one realize that this malicious actor will be around for a while.