ScarCruft’s Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

From thehackernews.com

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware onto targeted machines.

According to multiple reports from AhnLab Security Emergency Response Center (ASEC), SEKOIA.IO, and Zscaler, the development is illustrative of the group’s continuous efforts to refine and retool its tactics to sidestep detection.

“The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors,” Zscaler researchers Sudeep Singh and Naveen Selvan said in a new analysis published Tuesday.