Windows zero-day leveraged for RokRAT malware delivery

Attacks exploiting a recently patched high-severity Windows Scripting Engine zero-day vulnerability, tracked as CVE-2024-38178, have been launched by North Korean state-sponsored threat operation APT37, also known as Scarcruft, InkySquid, Ricochet Chollima, Reaper, and Ruby Sleet, to facilitate RokRAT malware delivery, The Hacker News reports.

Threat actors leveraged the flaw against a toast advertisement program that relies on an unsupported Internet Explorer module; once installed, the program would trigger a type confusion error and a chain of malicious actions, including deployment of the RokRAT trojan, according to a joint analysis by the AhnLab Security Intelligence Center and South Korea’s National Cyber Security Center. Beyond its existing file enumeration and arbitrary process termination capabilities, the latest iteration of RokRAT also supports remote command execution and data exfiltration from various browsers and apps. “The technological level of North Korean hacking organizations has become more advanced, and they are exploiting various vulnerabilities in addition to [Internet Explorer]. Accordingly, users should update their operating system and software security,” said the report.
