The S2W Threat Analysis team recently hunted and analyzed a new FastViewer sample from the Kimsuky APT group behind North Korea, and found that the group seems to be using a variant of FastViewer. The variant has been in production since at least July 2023 and, like the initial version, is found to induce installation by distributing repackaged APKs that include malicious code in legitimate apps.

Click here for more.