Kimsuky Group Uses ADS to Conceal Malware
Malware Analysis, News and Indicators - Latest topics malware.news
AhnLab Security Emergency response Center (ASEC) has discovered that the Kimsuky group is using Alternate Data Stream (ADS) to hide their malware.
This malware is an Infostealer that collects data by running the VBScript embedded in an HTML file. It is characterized by burying the actual code among large amounts of dummy code.
Figure 1. Part of the initially executed script
The following commands are executed in the terminal to collect and transmit data.
- hostname
- systeminfo
- net user …
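A defender can hunt for both behaviours in process-creation logs. The sketch below is an added example, not code from the ASEC report: the event layout, the sample lines, the 60-second window and the three-command threshold are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Recon commands named on the page (its list is truncated after "net user").
RECON_RE = re.compile(r'^(?:cmd(?:\.exe)?\s+/c\s+)?(hostname|systeminfo|net\s+user)\b', re.I)
# NTFS ADS syntax: a drive path whose final component is followed by ":<stream>".
ADS_RE = re.compile(r'[A-Za-z]:\\(?:[^\\:"\s]+\\)*[^\\:"\s]+:[^\\:"\s]+')
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed process-creation events: (time, host, parent_pid, command_line)
EVENTS = [
    ("2024-01-01T10:00:00", "ws01", 4100, r"example.exe C:\ProgramData\cache.dat:stream1"),
    ("2024-01-01T10:00:05", "ws01", 4100, "cmd /c hostname"),
    ("2024-01-01T10:00:06", "ws01", 4100, "cmd /c systeminfo"),
    ("2024-01-01T10:00:08", "ws01", 4100, "cmd /c net user"),
    ("2024-01-01T10:05:00", "ws02", 900, "hostname"),
    ("2024-01-01T10:06:00", "ws02", 900, r"C:\Windows\System32\notepad.exe C:\tmp\a.txt"),
]

def ads_references(events):
    """Return (host, matched_path) for command lines that name an ADS."""
    hits = []
    for _, host, _, cmd in events:
        m = ADS_RE.search(cmd)
        if m:
            hits.append((host, m.group(0)))
    return hits

def recon_bursts(events, needed=3):
    """Return (host, parent_pid) pairs whose children ran `needed` distinct
    recon commands within WINDOW of each other."""
    seen = {}
    for ts, host, ppid, cmd in sorted(events):
        m = RECON_RE.match(cmd.strip())
        if m:
            name = " ".join(m.group(1).lower().split())
            seen.setdefault((host, ppid), []).append((datetime.fromisoformat(ts), name))
    flagged = []
    for key, runs in seen.items():
        for start, _ in runs:
            names = {n for t, n in runs if start <= t <= start + WINDOW}
            if len(names) >= needed:
                flagged.append(key)
                break
    return flagged

if __name__ == "__main__":
    print(ads_references(EVENTS))
    print(recon_bursts(EVENTS))
```

Benign streams such as `Zone.Identifier` also match the ADS pattern, so a production rule would need an allowlist.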