North Korean group Kimsuky uses QR code phishing sites posing as CJ Logistics to spread DocSwap Android malware with RAT capabilities.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

North Korean threat actor Kimsuky is distributing DocSwap Android malware through QR code phishing sites impersonating CJ Logistics delivery service. The attack uses smishing texts or phishing emails to lure victims into scanning QR codes that download malicious APK files disguised as shipment tracking apps. Once installed, the malware decrypts an embedded APK and launches a RAT service with 57 commands enabling keylogging, audio capture, camera recording, file operations, and data exfiltration of SMS, contacts, call logs, and location. The campaign also includes trojanized versions of legitimate apps like BYCOM VPN and credential harvesting sites mimicking Naver and Kakao platforms.

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App