Discover and read the best of Twitter Threads about #rokrat

We’ve identified further, clear connections between #RambleOn Android malware and #APT37.

In 2022 we uncovered a new novel Android malware campaign targeting journalists working on the advocacy of NK human rights at @nknewsorg.

Ref: interlab.or.kr/archives/2567

🧵1/6
Last month @S2W_Official published additional research on #RambleOn, finding other variants of it and highlighting code similarities between a 2017 campaign operated by #APT37 which used an Android variant of #Rokrat Malware.

2/6
Note: @S2W_Official renamed RambleOn malware to Culumus. Reasons for which are unknown.

3/6
In July, #ESETresearch reported on macOS spyware we dubbed CloudMensis. In the blogpost, we left the malware unattributed. However, further analysis showed similarities with a Windows malware called #RokRAT, a #ScarCruft tool. @marc_etienne_, @pkalnai 1/9
The Windows and macOS malware variants are not copycats of each other, but share the following similarities: ➡️ 2/9
1️⃣ Both variants are spyware with functionality such as keylogging and taking screenshots. Each supported command is identified by a number. Its value is in a similar range for both: macOS has 39 commands ranging from 49 to 93, while Windows has 42, ranging from 48 to 90. 3/9