Posted: October 16, 2020

The KingOfHearts malware is a backdoor Trojan written in C++. Its development and usage are attributed to the group of criminals responsible for the SLOTHFULMEDIA RAT, which was reported in the first days of October 2020. The KingOfHearts malware, however, is by no means new. The earliest artifacts linked to its activity are from 2014, and it has undergone significant updates since then. The threat is spread with the assistance of spear-phishing emails containing corrupted Microsoft Office documents.

KingOfHearts's features are typical of a backdoor Trojan, and it offers no unusual functionality. It can:

  • Execute remote commands.
  • Access the file system, and modify, view, delete or create files.
  • Download/upload files and folders.
  • View and manage running processes.
  • Capture screenshots.

The data collected by KingOfHearts is transferred to a remote server via HTTP or HTTPS. Despite the lack of unique features, the KingOfHearts malware is certainly not to be underestimated. It has been able to cause significant damage over its five years of activity, and it is very likely that the backdoor Trojan is still active to this very day.