ScarCruft Description

ScarCruft (also known as Group 123 and Reaper) is an APT (Advanced Persistent Threat) which usually engages in espionage operations and is believed to originate from North Korea. This conclusion was derived from the fact that the identified victims, one of which Russian, seem to have ties to North Korea, and likely North Korean affairs. Most of ScarCruft APT's operations are carried out in South East Asia. However, they do not limit their activity to this region only. ScarCruft has a specific taste for high-end targets and has thus been gradually upgrading their hacking arsenal and expanding their reach with new attacks detected in Hong Kong and Russia. Recently, they got in the news for developing and launching a piece of malware that targets Bluetooth devices with the end goal of collecting data.

When malware experts started researching ScarCruft's operations up close, they found out that over the course of 2018 this Korean-speaking APT had managed not only to upgrade their whole arsenal of hacking tools but also update the tools, which were already in use, planted on their victims' systems, without being detected by anybody.

ScarCruft APT seems to have decided to expand their horizons and have started targeting mobile devices too. This is how their ScarCruft Bluetooth Harvester came to fruition. This malware can exploit the integrated Windows Bluetooth APIs to achieve its purpose. ScarCruft Bluetooth Harvester is programmed to collect and siphon information about the devices it has been planted on such as an address, device type, and name, what it is connected to, authentication state, and its trusted status.

It is clear to see that more and more ambitious and highly-capable hacking groups are emerging and government institutions, as well as large corporations, cannot afford to let down their guard – the latest and most innovative cybersecurity techniques need to be followed strictly in order to minimize the risk of infiltration and potentially huge damages.

Technical Information

File System Details

ScarCruft creates the following file(s):
# File Name Size MD5
1 file.exe 103,424 37c234d9100198717e9928494e476965

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.