ESRC analyzes Trojan.Android.AgentNK, a malicious Android app believed to have been produced by the Konni group and used for cryptocurrency-focused espionage and theft. The app reuses code, strings, C2 command-handling logic, and data-storage filenames seen in earlier Konni Android malware from 2019, supporting the attribution assessment. It disguises itself as a cryptocurrency-related app, displays a login page to appear legitimate, and performs background collection of victim information. ESRC frames the activity as part of North Korea-linked efforts to steal cryptocurrency and personal data for financial gain.