KARAE

North Korea is known to have some very highly skilled cybercriminals, and these individuals usually work for the government. The most well-known APT (Advanced Persistent Threat) hailing from North Korea is the Lazarus hacking group. Recently, however, a new group has been gaining traction: ScarCruft (also known as APT37). Since the ScarCruft hacking group is funded by the North Korean government, it is logical that the campaigns it launches serve that government's interests. This is why most of the targets of the ScarCruft group are located in South Korea and tend to be high-ranking officials or government institutions. ScarCruft has developed a long list of hacking tools that keeps expanding over time.

Targets Random Users

One of APT37's custom-built hacking tools is the KARAE backdoor Trojan. Malware researchers first spotted this threat back in 2015. It comes as no surprise that the ScarCruft group employed this threat against targets located in South Korea. However, instead of picking targets specifically, the hacking group has opted for a looser approach and is targeting random users. The KARAE backdoor Trojan is distributed via a bogus YouTube video downloading application and various torrent trackers.

Capabilities

This hacking tool is able to collect data regarding the hardware, software and settings of the infected system. All the gathered information is then exfiltrated to the attackers’ server. Such data helps the operators of the KARAE Trojan decide what would be the most efficient way to carry out the attack. The KARAE backdoor Trojan is also meant to operate as a first-stage payload whose purpose is to deploy additional threats on the compromised host. The KARAE Trojan has an unusual feature: it communicates with its operators via a genuine cloud-hosting service, so its command-and-control traffic can blend in with ordinary traffic to that service.

The good news is that the ScarCruft hacking group has not used the KARAE backdoor Trojan since its peak back in 2016. You should look into obtaining a reputable cybersecurity application and make sure you keep all your software up to date.
