The NOKKI malware appears to be a hacking tool that belongs to the Black Shoggath group. According to cybersecurity researchers, the Black Shoggath hacking group originates from North Korea and often targets North Korean defectors who are deemed enemies of the state.
The NOKKI malware seems to be rather similar to another threat from the same authors, KONNI. The KONNI threat is a RAT (Remote Access Trojan), while the NOKKI malware has a more limited list of capabilities. Its main purpose is to collect information and connect to a remote FTP server that provides it with commands. As expected, the NOKKI threat mainly goes after targets located in South Korea. However, malware researchers have spotted variants of the NOKKI malware that target users who have a Cyrillic or Cambodian keyboard set as the default.
The creators of the NOKKI Trojan appear to rely on several infection vectors to distribute this threat. These include bogus application downloads, fake social media profiles, mass spam email campaigns, etc. The authors of the NOKKI malware tend to use topics that make headlines worldwide to trick users into allowing this threat into their systems. In campaigns from 2018, the NOKKI malware was propagated via fake emails regarding the 2018 World Cup. In the contemporary climate, the operators of the NOKKI Trojan may be propagating it via Coronavirus-themed bogus emails.
The NOKKI threat is a Trojan created by a high-profile hacking group sponsored by the North Korean government, so despite its short list of capabilities, it should not be underestimated. Remember to install a reputable anti-malware solution that will ensure the security of your system and your data against threats like the NOKKI Trojan.