FastViewer Variant Merged with FastSpy and disguised as a Legitimate Mobile Application

2023-10-30 S2W

https://medium.com/s2wblog/fastviewer-variant-merged-with-fastspy-and-disguised-as-a-legitimate-mobile-application-f3004588f95c


S2W reports that the Kimsuky APT group used a FastViewer variant merged with FastSpy and disguised as a legitimate mobile application. The analysis links the activity to prior FastViewer and FastSpy research from 2022 and says the newer variant appears to have been in production since at least 2023. The source assesses that distribution could follow earlier Kimsuky patterns, including spear-phishing emails or smishing that trick targets into executing the application. Defenders should validate Android application artifacts, C2 references, Google Sync abuse, and mobile telemetry before operational blocking.

Indicators of Compromise

Type   Value                             First Seen   Last Seen
IPv4   144.76.109.61                     2023-10-30   2024-11-19
HASH   d66aeb492dec0c88d447711017458182  2023-10-30   2023-10-30
HASH   72587b3da56546285496198af6c67809  2023-10-30   2023-10-30
HASH   7ced6bf0f2e26716a0ed64238425e29f  2023-10-30   2023-10-30
HASH   f334167b35ae5b6e1166819f98e77c90  2023-10-30   2023-10-30
HASH   1315ac032903371e6e1be2f06875c117  2023-10-30   2023-10-30
HASH   536e736ea4009376f60f77f044461bee  2023-10-30   2023-10-30
HASH   dec2ca08aa5abbc4d0e20ab67aa26e5d  2023-10-30   2023-10-30
HASH   02dd6e7a49138d4fe7c4a8cd920afb21  2023-10-30   2023-10-30
HASH   f1570d3c0974968d3c7acaa268d36497  2023-10-30   2023-10-30
HASH   d1af9d1d4580e4a578f10b9515963545  2023-10-30   2023-10-30
HASH   a7412db9b5bcf564d66b2babdc26aa39  2023-10-30   2023-10-30
HASH   0a3fe48c8ff1f7c50c22accfc5185d42  2023-10-30   2023-10-30
HASH   a810fafd4b6ac524ce032896c295f37b  2023-10-30   2023-10-30
