Malware, or malicious software, can infiltrate your mobile device or PC to steal your data. M2RAT is among the most dangerous today, as it can empty bank accounts in seconds, among other damage.

Its origin is in North Korea, with attacks directed at its neighboring rival, South Korea. As The Hacker News points out, the threat actor APT37, backed by the government of Kim Jong Un, created the powerful malware.

APT37 is also known as Reaper, RedEyes, Ricochet Chollima and ScarCruft. It is not known if it is a person or a group of people.

“The evaluated main mission of APT37 is the covert intelligence gathering in support of military, political, and economic interests of the Democratic People’s Republic of Korea,” explained Mandiant, a threat intelligence firm.

But how does M2RAT work?

APT37’s M2RAT malware roadmap

The M2RAT malware uses a Hangul EPS vulnerability, together with steganography techniques, to distribute malicious code.

The infection chain starts with a decoy Hangul document, which exploits a flaw in the word processing software, CVE-2017-8291 (patched once the flaw became known), to activate shellcode that downloads an image from a remote server.

The JPEG file uses steganographic techniques to hide a portable executable that, when launched, downloads the M2RAT implant, infecting the legitimate explorer.exe process, according to The Hacker News.

What does the virus do?

  • Logs keystrokes: every code the person enters on their device.
  • Captures screens.
  • Runs processes without request or permission.
  • Steals the user's information.
  • Diverts data from removable drives and connected smartphones.

From there, any data handled through the device or PC is susceptible to being stolen by M2RAT, including anything related to bank accounts.
