High-profile cybercriminals often use a wide variety of tools to collect information about their target and decide which malware to deploy. The APT37 group consists of politically motivated North Korean hackers whose primary targets reside in South Korea. Although their toolset consists largely of infostealers and backdoor Trojans, they also employ a few reconnaissance tools whose purpose is to collect software and hardware information about the victim. This not only helps them determine which malware to use, it also tells them what sort of computer they have managed to infiltrate.
The SLOWDRIFT Trojan Downloader is a two-in-one tool used by the APT37 group. The malware first collects information about the hardware, software, and configuration of the victim's computer and sends that data to a legitimate cloud-based service that the attackers use for command and control. Once this step is complete, the attackers can instruct the SLOWDRIFT downloader to fetch and execute a secondary payload.
SLOWDRIFT is a Two-In-One Reconnaissance Tool and Trojan Downloader
One of the largest campaigns involving the SLOWDRIFT downloader was carried out against high-ranking government and academic personnel in South Korea. The malware was delivered via corrupted Microsoft Office documents attached to phishing emails. The group uses public exploits that allow specially crafted documents to execute arbitrary code on the targeted machine. One way to protect computers from this attack is to keep all software suites up-to-date and to use a reputable anti-virus product. In addition, users should not open unexpected email attachments: this is one of the most common social engineering tricks that both low-ranking and high-ranking cyber crooks use to deliver malware.