Kimsuky APT group uses a new AppleSeed Android component disguised as security software to attack specific targets in South Korea
2021-05-06 • Qihoo360 • The Kimsuky APT group uses a new AppleSeed Android component, disguised as security software, to attack specific targets in South Korea.
The source describes Kimsuky activity using a new Android component associated with AppleSeed/AutoUpdate, disguised as a KISA mobile security-check application, to target selected South Korean victims. The APK collected Android device information, beaconed to download.riseknite.life using the request parameters m=a, m=c and m=d, enumerated files under /sdcard, uploaded disguised and encrypted archives, executed commands, read SMS messages, and could send SMS or clear app data. The report also correlates the Android backdoor with Kimsuky Windows droppers and AppleSeed DLL infrastructure, including onedrive-upload.ikpoo.cf, on the basis of matching traffic parameters and decryption logic. The activity illustrates Kimsuky's continued expansion across Windows and Android payloads against South Korea-focused targets.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | a03598cd616f86998daef034d6be2ec5 | 2021-05-06 | 2021-05-06 |
| HASH | 4626ed60dfc8deaf75477bc06bd39be7 | 2021-05-06 | 2021-05-06 |
| URL | http://download.riseknite.life/… | 2021-05-06 | 2021-05-06 |
| DOMAIN | download.riseknite.life | 2021-05-06 | 2021-05-06 |
| HASH | 14b95dc99e797c6c717bf68440eae720 | 2021-05-06 | 2021-05-06 |
| HASH | 3a4ab11b25961becece1c358029ba611 | 2021-05-06 | 2021-05-06 |
| HASH | 80a2bb7884b8bad4a8e83c2cb03ee343 | 2021-05-06 | 2021-05-06 |
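The following script is an added example, not code from the Qihoo360 report, showing how the indicators above can be turned into a simple hunt over proxy logs and file hashes. It matches requests to the two C2 domains named in the summary, escalates those that carry the m=a, m=c or m=d beacon parameter, and checks file MD5 digests against the hash column of the table. The log format (timestamp, source IP, method, URL, status) and every log line, including the URL paths, are constructed for the example; the report only gives the domain and the parameters.

```python
"""Hunt for the Kimsuky AppleSeed Android IOCs from this page in proxy logs
and file hashes (added example; not the Qihoo360 report's code)."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# C2 domains and MD5 hashes taken from the page above.
C2_DOMAINS = {"download.riseknite.life", "onedrive-upload.ikpoo.cf"}
IOC_MD5 = {
    "a03598cd616f86998daef034d6be2ec5",
    "4626ed60dfc8deaf75477bc06bd39be7",
    "14b95dc99e797c6c717bf68440eae720",
    "3a4ab11b25961becece1c358029ba611",
    "80a2bb7884b8bad4a8e83c2cb03ee343",
}
# Values of the "m" query parameter the report associates with the beacon.
BEACON_M_VALUES = {"a", "c", "d"}

# Assumed proxy log format: "<timestamp> <src_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines. The URL paths (/x, /up, /favicon.ico) are
# invented for the example; the report does not publish the full URL.
SAMPLE_LOG = """\
2021-05-06T09:12:01Z 10.0.0.15 GET http://download.riseknite.life/x?m=a 200
2021-05-06T09:12:05Z 10.0.0.15 POST http://download.riseknite.life/x?m=c 200
2021-05-06T09:13:10Z 10.0.0.22 GET http://example.com/page?m=a 200
2021-05-06T09:14:00Z 10.0.0.15 GET http://onedrive-upload.ikpoo.cf/up?m=d 200
2021-05-06T09:15:00Z 10.0.0.31 GET http://download.riseknite.live/favicon.ico 404
2021-05-06T09:15:30Z 10.0.0.31 GET http://download.riseknite.life/favicon.ico 404
"""


def classify_request(url):
    """Return (domain_hit, beacon_hit) for one URL.

    A request is a domain hit when its host is a known C2 domain, and a
    beacon hit only when it is a domain hit AND carries m=a/c/d. The
    parameter alone is deliberately not enough: "m=a" is far too generic
    to alert on across arbitrary hosts.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    domain_hit = host in C2_DOMAINS
    m_values = parse_qs(parts.query).get("m", [])
    beacon_hit = domain_hit and any(v in BEACON_M_VALUES for v in m_values)
    return domain_hit, beacon_hit


def scan_log(text):
    """Parse log lines and return a list of hits with a severity label."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        domain_hit, beacon_hit = classify_request(m["url"])
        if domain_hit:
            hits.append({
                "ts": m["ts"],
                "src": m["src"],
                "url": m["url"],
                "severity": "beacon" if beacon_hit else "domain",
            })
    return hits


def is_ioc_hash(hex_digest):
    """True if a (case-insensitive) MD5 hex digest is in the IOC table."""
    return hex_digest.strip().lower() in IOC_MD5


def hash_matches_ioc(data):
    """Hash raw file bytes with MD5 and check them against the IOC table."""
    return is_ioc_hash(hashlib.md5(data).hexdigest())


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['severity']:6} {hit['src']:10} {hit['url']}")
    print("sample bytes match IOC:", hash_matches_ioc(b"not the APK"))
```

Running the script flags three beacon-grade requests from 10.0.0.15 and one domain-only hit for the favicon fetch on download.riseknite.life, while the m=a request to example.com and the look-alike host download.riseknite.live are left alone. In a real deployment the domain set should be kept in sync with the IOC feed and the same logic applied to DNS logs, where the query parameters are not visible and only the domain match is available.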