Khan.Co.Kr
New NarwhalRAT Malware Targets Korean Users via Phishing Emails
A new malware named NarwhalRAT has been discovered targeting Korean users through phishing emails impersonating the Microsoft security team. The malware, linked to the North Korean hacking group APT37, can perform over 30 functions, including keystroke logging and remote command execution. The attack begins with a spear-phishing email warning of suspicious activity related to one-time passwords (OTPs). Users are tricked into downloading a malicious LNK file disguised as a document, which installs the malware. The malware creates a folder named 'naverwhale' to avoid detection, mimicking the Naver Whale browser. The collected data is temporarily stored before being sent to the attacker, making it harder for security solutions to detect in real time. Security experts recommend strengthening detection systems to mitigate future attacks.
Key Points:
• NarwhalRAT malware targets Korean users via phishing emails impersonating Microsoft.
• The malware can perform over 30 functions, including keystroke logging and screen capture.
• Security experts warn of potential future variants and recommend enhanced detection measures.
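
One way to turn the indicators described above into a hunt over file-creation telemetry, as an added example that is not from the article or any vendor: it flags any path with a component named exactly 'naverwhale' and raises the severity when a .lnk file was created under a user profile on the same host shortly before. The event format, hostnames, paths, timestamps and the 30-minute window are constructed, and the premise that the legitimate browser uses a 'Naver Whale' directory (with a space) is an assumption to verify against your own installs.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

FOLDER_IOC = "naverwhale"  # folder name reported in the article

# Constructed file-creation events (timestamp, host, path); not real telemetry.
SAMPLE_EVENTS = [
    ("2025-01-06T09:01:10", "pc-01", r"C:\Users\kim\Downloads\OTP_notice.lnk"),
    ("2025-01-06T09:03:42", "pc-01", r"C:\Users\kim\AppData\Roaming\NaverWhale\log.tmp"),
    ("2025-01-06T10:15:00", "pc-02",
     r"C:\Users\lee\AppData\Local\Naver\Naver Whale\User Data\Default\History"),
    ("2025-01-06T11:00:00", "pc-03", r"C:\ProgramData\naverwhale\k.dat"),
    ("2025-01-06T08:00:00", "pc-04", r"C:\Users\park\Desktop\Chrome.lnk"),
]


def has_ioc_folder(path):
    """True if any path component is exactly 'naverwhale' (case-insensitive)."""
    return any(p.lower() == FOLDER_IOC for p in PureWindowsPath(path).parts)


def is_user_lnk(path):
    """True for a shortcut file created somewhere under a Users profile tree."""
    p = PureWindowsPath(path)
    return p.suffix.lower() == ".lnk" and "users" in [x.lower() for x in p.parts]


def hunt(events, window=timedelta(minutes=30)):
    """Return findings for IOC-folder writes, correlated with earlier .lnk drops."""
    findings, lnk_seen = [], {}  # lnk_seen: host -> [(time, path), ...]
    for ts, host, path in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        if is_user_lnk(path):
            lnk_seen.setdefault(host, []).append((t, path))
        if has_ioc_folder(path):
            prior = [p for lt, p in lnk_seen.get(host, [])
                     if timedelta(0) <= t - lt <= window]
            findings.append({"host": host, "path": path,
                             "severity": "high" if prior else "medium",
                             "preceding_lnk": prior})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["host"], f["path"], f["preceding_lnk"])
```

A lone 'naverwhale' hit stays at medium because the folder name alone is a weak signal; the shortcut correlation is what ties it to the delivery chain the article describes.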