VNC Malware Used by the Kimsuky Group (TinyNuke, TightVNC)
2021-09-27 • AhnLab
AhnLab ASEC reports that Kimsuky used its AppleSeed backdoor to install additional VNC malware for graphical remote control of compromised systems. The observed toolset includes TinyNuke with only the HVNC capability enabled, using reverse VNC behavior and validation strings such as “AVE_MARIA” or newer “LIGHT’S BOMB” variants. The group also deployed a customized TightVNC server module that can connect back to an attacker-controlled viewer without normal service installation. The report places these screen-control tools alongside AppleSeed, Meterpreter, RDP Wrapper and Powerkatz, showing Kimsuky’s continued use of layered post-compromise access and credential-theft tooling.