SLOWDRIFT
State-sponsored and other high-profile threat actors often use a wide variety of tools to gather information about a target before deciding which malware to deploy. APT37 is a politically motivated North Korean hacking group whose primary targets are located in South Korea. Although its toolset consists mostly of information stealers and backdoor Trojans, the group also uses a few reconnaissance tools whose purpose is to collect software and hardware information about the victim. This not only helps the attackers decide which malware to use, but also tells them what sort of machine they have managed to compromise.
The SLOWDRIFT Trojan downloader is a two-in-one tool used by APT37. The first thing the malware does is collect information about the victim's hardware, software and system configuration; that data is then sent to a legitimate cloud-based service that the attackers abuse for their own purposes. Because the service itself is legitimate, this traffic blends in with ordinary outbound connections and is harder to block by domain alone. Once the reconnaissance step is complete, the operators can instruct SLOWDRIFT to fetch and execute a secondary payload of their choosing.
SLOWDRIFT is a Two-In-One Reconnaissance Tool and Trojan Downloader
One of the largest campaigns involving the SLOWDRIFT downloader targeted high-ranking government and academic personnel in South Korea. The malware was delivered via malicious Microsoft Office documents attached to phishing emails. The group relies on publicly known exploits that allow a specially crafted document to execute arbitrary code on the targeted machine, so one way to protect computers from this attack is to keep all software suites, Microsoft Office in particular, fully patched, and to use a reputable anti-virus product. In addition, users should not open email attachments that arrive unexpectedly: this is one of the most common social engineering tricks that both low-end and high-end cyber crooks use to deliver malware.