North Korea is known to have highly skilled cybercriminals, and these individuals usually work for the government. The best-known APT (Advanced Persistent Threat) hailing from North Korea is the Lazarus hacking group. Recently, however, a new group has been gaining traction: ScarCruft (also known as APT37). Since the ScarCruft hacking group is funded by the North Korean government, it is logical that its campaigns do the government's bidding. This is why most of the ScarCruft group's targets are located in South Korea and tend to be high-ranking officials or government institutions. ScarCruft has developed a long list of hacking tools that keeps expanding over time.
Targets Random Users
One of APT37's custom-built hacking tools is the KARAE backdoor Trojan. Malware researchers first spotted this threat back in 2015. It comes as no surprise that the ScarCruft group employed this threat against targets located in South Korea. However, instead of picking specific targets, the hacking group has opted for a looser approach and targets random users. The KARAE backdoor Trojan is distributed via a bogus YouTube video downloading application and various torrent trackers.
This hacking tool is able to collect data about the hardware, software and settings of the infected system. All the gathered information is then exfiltrated to the attackers' server. Such data helps the operators of the KARAE Trojan decide on the most efficient way to carry out the attack. The KARAE backdoor Trojan is also meant to operate as a first-stage payload whose purpose is to deploy additional threats on the compromised host. The KARAE Trojan has an unusual feature: it communicates with its operators via a genuine cloud-hosting service.
The good news is that the ScarCruft hacking group has not used the KARAE backdoor Trojan since its peak back in 2016. You should look into obtaining a reputable cybersecurity application and make sure you keep all your software up to date.