ReconShark disguised as Zoom access information

2023-08-21 Hauri ReconShark disguised as Zoom access information

https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=53

Attachments

2023-08-21_ìì_ëì_ë³ê³ìZoom_ìì_ìë³ë_ììí_ReconShark.pdf (702 KB)

Hauri reported a Kimsuky malware family called ReconShark that used Zoom meeting-information lures against organizations and individuals handling North Korea-related information. The malware displayed a decoy Zoom document from attacker infrastructure, collected battery and process information from the infected PC, and sent it to command-and-control infrastructure. It then received an AES key to decrypt follow-on download code, adapting execution depending on installed security products such as Bitdefender, Kaspersky, V3, Alyac, and Avast.

Indicators of Compromise

