SLOWDRIFT Description

The North Korean government does not shy away from using hacking groups to do its bidding on the international stage. It is known to have been working with the notorious Lazarus hacking group for years, which has carried out numerous attacks aimed at furthering North Korean interests politically. Recently, it has begun working with another hacking group: ScarCruft. The ScarCruft group is also known as APT37 (APT stands for Advanced Persistent Threat). The group has carried out attacks against Middle Eastern targets, but most of its victims are located in South Korea. The ScarCruft hacking group does not go after everyday users; its efforts are concentrated on individuals in prestigious positions or large organizations.

Propagation Method

Usually, the ScarCruft hacking group uses email campaigns to propagate its hacking tools. More specifically, the attackers make the emails they send to their targets look as believable and legitimate as possible. These emails carry an attached document, which is likely to be macro-laced. The message in the email attempts to convince the user to execute the seemingly harmless attachment. By doing so, the user gives the green light to the unsafe payload stored in the corrupted attachment.

Able to Collect Data and Plant Additional Malware

The SLOWDRIFT threat, in particular, can be classified as a Trojan downloader. This hacking tool is meant to infiltrate the host and begin collecting information about the system. The data that the SLOWDRIFT Trojan is after is general information regarding the hardware and software of the infected host. Then, the data in question will be transferred to the operators of the SLOWDRIFT Trojan. This helps the ScarCruft hacking group determine how to continue the attack, and more specifically, which one of their other hacking tools would be most suitable for deployment as a second-stage payload. The SLOWDRIFT Trojan downloader serves as a gateway for the attackers to plant a more severe threat on the compromised system. Cybersecurity experts have determined that so far, the ScarCruft hacking group has used the SLOWDRIFT Trojan downloader to plant the ZUMKONG infostealer on their targeted computers.

The APT37 group is a rising star in the dark world of cyber crooks. If they continue improving their tools and techniques, they may soon be considered on the level of their fellow North Koreans dealing in the same sector - the infamous Lazarus hacking group.
