Cyber Security News

Security Researchers Identify New Evasive Malware Known as "M2RAT"

Security researchers have recently identified a new evasive malware known as "M2RAT," which is being used by an infamous North Korean hacking group called APT37, also known as "RedEyes" or "ScarCruft," to steal sensitive data from Windows phones. This discovery is particularly concerning given the group's history of attacking high-value targets, including governments, military organizations, and other high-profile entities.

The APT37 group is believed to be state-sponsored and has been active for several years, using a range of techniques to evade detection and maintain persistence on target systems. The use of M2RAT represents a new threat vector that security researchers are struggling to mitigate.

M2RAT Malware

The M2RAT malware is a new variant of the Android banking trojan "Cerberus," which was first discovered in 2019. The malware is spread through phishing emails and SMS messages, which contain links to fake websites that are designed to look like legitimate financial or banking sites. Once a user clicks on the link, the malware is downloaded onto their device, where it can begin to steal sensitive data, including login credentials, financial data, and other personal information.

The malware is particularly insidious because it is designed to bypass many of the security measures that are commonly used to protect against similar threats. For example, the malware can detect when it is running on a virtual machine, which is often used by researchers to analyze malware samples. Additionally, the malware can detect and disable various security solutions, including antivirus software and firewalls, making it even more difficult to detect and stop.

The APT37 group has a long history of using sophisticated hacking techniques to achieve its objectives. In recent years, the group has been responsible for a range of high-profile attacks, including the 2018 OlympicDestroyer malware attack, which targeted the Winter Olympics in Pyeongchang, South Korea. The group has also been linked to a range of other attacks targeting governments and organizations in South Korea and elsewhere.

M2RAT Malware Used to Target Windows Phones

While the M2RAT malware is currently being used to target Windows phones, there is a risk that it could be adapted to target other devices and platforms in the future. As such, security researchers are working to identify and mitigate the threat as quickly as possible.

At the same time, governments and organizations are being urged to take steps to protect their networks and devices against the APT37 group and other state-sponsored hacking groups. This includes implementing strong security measures, such as multi-factor authentication and regular patching, as well as monitoring their networks for signs of suspicious activity.

The discovery of M2RAT highlights the ever-evolving threat landscape that organizations face, with state-sponsored hacking groups like APT37 constantly developing new and more sophisticated techniques to achieve their objectives.