The ZUMKONG infostealer is a hacking tool that is part of the arsenal of the infamous APT37 (Advanced Persistent Threat) group, also known under the alias ScarCruft. Malware researchers have attributed the group to North Korea and assess that it most likely acts on behalf of the Kim Jong-Un government as hired hands. This explains why most of the victims of the APT37 group are South Korean organizations and individuals in influential positions.
The ScarCruft hacking group most likely propagates the majority of its threats through spam email campaigns, as this appears to be its preferred infection vector. The emails are usually tailored carefully, since the group does not tend to target everyday users but high-ranking employees of large corporations or government bodies. The contents of these emails are made to look genuine in order to trick the recipient into opening a macro-laced file attached to the message.
Works with the SLOWDRIFT Trojan
After studying the campaigns that involved the ZUMKONG infostealer, malware experts discovered that this threat was spread with the help of another of APT37's tools, the SLOWDRIFT Trojan downloader. The two threats work in unison: the SLOWDRIFT Trojan infiltrates the targeted system and feeds the attackers information about the host, and the attackers then choose which additional tool to deploy in that operation. In this case, the ScarCruft group opted to deploy the ZUMKONG malware, so the SLOWDRIFT Trojan downloader paves the way for the ZUMKONG infostealer to compromise the system as a second-stage payload. The ScarCruft hacking group is known for its affinity for stealth, so the victim is unlikely ever to spot the harmful activity of the ZUMKONG malware.
The full capabilities of the ZUMKONG malware are still to be uncovered. However, it is known that this threat can collect data such as:
- Google Chrome settings details.
- Internet Explorer settings details.
- Usernames and passwords.
The collected data is siphoned off to the attackers through the infrastructure of a genuine Russian email service, 'mail.zmail.ru'.
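Because the exfiltration channel described above rides on a legitimate email service, a defender's best signal is outbound traffic from endpoints to that service and to unapproved mail relays in general. The following is an added, constructed example (not code from the original page or from any analysis of the malware) that runs such a check over a few made-up proxy log lines; the log format, the host names and the approved relay `mail.corp.example` are assumptions.

```python
import re
from collections import defaultdict

# Constructed proxy/firewall log lines for illustration; not real telemetry.
SAMPLE_LOG = """\
2019-05-02T09:14:03Z host=WS-017 dst=mail.zmail.ru:443 bytes_out=18321 action=allow
2019-05-02T09:14:05Z host=WS-017 dst=update.microsoft.com:443 bytes_out=512 action=allow
2019-05-02T09:16:40Z host=WS-042 dst=smtp.zmail.ru:465 bytes_out=90112 action=allow
2019-05-02T09:20:11Z host=WS-017 dst=mail.zmail.ru:443 bytes_out=22540 action=allow
2019-05-02T09:22:00Z host=WS-099 dst=mail.corp.example:587 bytes_out=4096 action=allow
2019-05-02T09:25:30Z host=WS-099 dst=203.0.113.7:25 bytes_out=70000 action=allow
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+) "
                     r"bytes_out=(?P<bytes>\d+) action=(?P<action>\w+)$")
EXFIL_DOMAINS = ("zmail.ru",)                # service the page names as the exfil channel
APPROVED_MAIL_HOSTS = {"mail.corp.example"}  # assumption: the org's only sanctioned relay
MAIL_PORTS = {25, 465, 587}                  # SMTP, SMTPS, submission


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"], rec["bytes"] = int(rec["port"]), int(rec["bytes"])
    return rec


def classify(rec):
    """Return a reason string if the record looks like mail-based exfil, else None."""
    dst = rec["dst"].lower()
    if any(dst == d or dst.endswith("." + d) for d in EXFIL_DOMAINS):
        return "known exfil domain"
    if rec["port"] in MAIL_PORTS and dst not in APPROVED_MAIL_HOSTS:
        return "mail port to unapproved relay"
    return None


def flag_exfil(log_text):
    """Group suspicious allowed connections by source host with their summed bytes_out."""
    hits = defaultdict(lambda: {"bytes_out": 0, "events": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow":
            continue
        reason = classify(rec)
        if reason:
            hits[rec["host"]]["bytes_out"] += rec["bytes"]
            hits[rec["host"]]["events"].append((rec["ts"], rec["dst"], rec["port"], reason))
    return dict(hits)
```

The summed `bytes_out` per host is what separates a user merely visiting a webmail site from a process pushing a harvested credential store out of the network.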
The APT37 group has an impressive list of tools that keeps expanding, and with the funding from the North Korean government, these shady individuals are certainly going to continue their campaigns in the future.