VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group

2021-10-20 Ahnlab

https://asec.ahnlab.com/en/27346

The Kimsuky group installs the AppleSeed backdoor on the target system after the initial compromise, then uses AppleSeed to install VNC malware, ultimately controlling the target system in a graphical environment. As introduced in the previous blog post, the Kimsuky group uses AppleSeed to install Meterpreter, a different backdoor malware, and uses TinyNuke, TightVNC and RDP Wrapper for screen control.

While monitoring Kimsuky-related malware, the ASEC analysis team recently discovered that VNC malware was installed via the AppleSeed remote control malware. The Kimsuky group's malware trends are being monitored constantly, and users need to exercise extra caution when opening attachments in emails from unknown sources and refrain from visiting untrusted websites.
