The APT37 Threat Group has Developed a Malware Dubbed M2RAT
The APT37 threat group, also known as ‘RedEyes’ or ‘ScarCruft’, has been using malicious malware to conduct cyber espionage operations on behalf of the North Korean government. Dubbed M2RAT, this evasive malware uses steganography – the practice of hiding information within digital images – to avoid detection by security software.
According to AhnLab Security Emergency Response Center (ASEC), the malicious campaign started in January 2023, with attackers sending weaponized attachments that exploit an old EPS vulnerability found in the Hangul word processor widely used in South Korea.
Once executed, M2RAT adds a new value (‘RyPO’) to the ‘Run’ Registry key and executes a PowerShell script via ‘cmd.exe’ to gain persistence on the system. The program possesses various malicious capabilities, such as keylogging, data theft and command execution.
It can also scan for portable devices connected to a Windows computer and copy any documents or voice recording files found onto the infected PC. All collected data is compressed into a password-protected RAR archive before being exfiltrated and wiped from memory in order to leave no traces behind.
M2RAT uses a shared memory section to communicate with its Command-and-Control server, making it difficult for security researchers to analyze the memory of infected devices. With these powerful abilities, M2RAT makes it easy for attackers to control compromised systems as well as collect information from them.
How Do I Deal with a M2RAT Infection?
To protect yourself from a M2RAT Infection, you should practice safe web browsing habits like refraining from opening email attachments from unknown senders and downloading programs from unreliable sources. You should also have a reputable malware remediation tool installed on your computer. That way, you can regularly scan for elements associated with this troublesome malware infection as well as other threats. Also, to reduce the potential damage of a future malware attack, please consider backing up your files on an external hard drive or cloud storage.
If you are still having trouble, consider contacting remote technical support options.