NOKKI

Posted: April 21, 2020

NOKKI is a backdoor Trojan whose development and usage have been attributed to Black Shoggath – a cybercrime organization that is believed to operate from North Korea. NOKKI, in particular, shares some features with KONNI, a Remote Access Trojan used by the same group of criminals. However, NOKKI is much simpler in terms of functionality – once it infects a system, it communicates with a remote FTP server to receive commands and exfiltrate information.

The NOKKI backdoor has been used primarily against South Korean users, but malware researchers have uncovered several variants that were tailored to go after systems using a Cyrillic or Cambodian keyboard layout.

It is believed that the cybercriminals behind the NOKKI backdoor Trojan rely on various techniques to propagate their threatening program – spam emails, fake downloads, specially crafted lures, bogus social media profiles and more. It is likely that the fake messages used to distribute NOKKI focus on currently trending topics – previous emails included details about the 2018 World Cup, so it is entirely possible that the cybercriminals may opt to use other highly sought-after topics such as the Coronavirus.

While NOKKI might be a piece of malware developed by a nation-backed threat actor, you can rest assured that it will not be able to bypass a properly configured anti-malware service. We advise our readers to take the necessary precautions to secure their systems against threats like the NOKKI backdoor.