🚨BREAKING AI NEWS: AUTONOMOUS HACKING TOOL UNVEILED by AI experts! China caught using it! The pentesting industry is COOKED!

A recent report reveals the "EndClient RAT," a sophisticated malware targeting North Korean Human Rights Defenders, exploiting stolen code-signing to bypass AV, with low detection rates and urgent calls for public awareness. #CyberSecurity #HumanRights

"New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs" published by @0x0v1. #EndClientRAT, #Kimsuky, #DPRK, #CTI

This is related to the #EndClientRAT report I published yesterday.

New Kimsuky Malware “EndClient RAT”: First Technical Report and IOCs https://t.co/GQceqxXMHj #kimsuky #lazarus #northkorea #humanrights @lazarusholic

My general view and perception of the word 'assistant' has been radically changed, to the point where at times, I have to double check if it means it's true meaning or it is in-fact an AI.

>open source >looks inside >no code

Highly likely this is #Kimsuky but I don't have enough datapoints on it to validate other than it's using AutoIt and it's targets.

New AutoIt-based campaign targeting Korean HRDs C2 (116[.]202[.]99[.]218). Samples beacon with system info JSON ending in endClient9688. Malware supports upload/download/shell commands. Mutex Global\AB732E15-D8DD-87A1-7464-CE6698819E701. Uses ws2_32 + CryptoAPI. #infosec #IOC

Live look at dev teams “actively investigating the issue” as they await a fix from AWS

Developed by government employees rather than openly in the community, exploits get embargoed, not shared. The paradise of the underground has been paved over by venture capital and compliance frameworks, steamrolling everything we used to stand for. Ref:

Now: Hacking is a job title. Curiosity has been commodified. A thousand "Bug Bounty Platforms" are trying to monetize your desire for understanding, to turn it into CVEs and T-shirts. CTFs have become resume-building exercises. Reverse engineers wear corporate badges.

Also include GN/Ninja integration (Google’s build system) for AOSP devices. My guess is most likely used in their Android malware development

- getenforce/setenforce -> Query and modify SELinux enforcemnt - restorecon/runcon -> Reset / run processes under SELinux contexts - sendevent -> Generate low-lvl input evnts (touch/keys) - log, logwrapper -> Interface with Android’s log system - load_policy -> Load SELinux pols

The #Kimsuky divergences in #ToyBox append a new command category in toys/android/ with the following options:

Very interesting. But still need to test it security wise. A very vital use case for this type of technology could include in situations of disaster where internet goes down. War, victims of genocide, protests etc

A massive GRMA to everyone who came out to support us as their carnival of distraction rolls on. We will be back on September 26th for the Court to determine jurisdiction. We have set out why it does not. Kneecap is not the story. Palestine is the story. The British

I guess in the recent update, you could still consider a co-resident app that competes for the forwarded port, but would be less reliable.

Unfortuantely, they patched the bug :(. But since they patched it, I guess it's helpful to now disclose anti-forensic patterns like this.