Advanced Persistent Threats, or APTs, are cyber threat actors, most often operated or sponsored by nation states. These groups aim to gain unauthorized access to computer networks for political or economic reasons. APTs target many public and private sectors, including defense, legal services, financial services, telecommunications, industrial, and consumer goods manufacturers, among others.
The Kimsuky APT, which is based in North Korea, has released a trio of mobile threats utilized in attack campaigns targeting victims’ Android devices. These threats, known as FastFire, FastViewer, and FastSpy, were identified in a report by malware researchers from a South Korean cybersecurity company.
The Kimsuky group is believed to be backed by the North Korean regime and its leader Kim Jong-Un. They have been active since 2012 and they have mostly been targeting entities in South Korea, Japan, and the U.S. Their campaigns can usually be considered cyberespionage, as they aim to collect sensitive information from individuals or organizations involved in the politics, diplomacy, media, or research sectors.
Kimsuky’s FastSpy threat is deployed on infected devices by another piece of malware from the same group, FastViewer. FastSpy gives attackers remote control over the targeted device. The threat can acquire additional privileges by abusing the same Android accessibility API privileges that FastViewer initially attempts to obtain.
To obtain the API privileges, FastSpy displays a pop-up requesting the needed permission and then simulates a click on the ‘Agree’ button. No actual interaction from the user is required, which makes the threat particularly dangerous. FastSpy can then collect SMS information, track the device’s location, and monitor the camera, microphone, speaker, GPS, and other functions in real time.
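A defender-side check for the accessibility abuse described above, as an added example that is not from the original report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and flags non-allowlisted apps that also hold SMS, location, camera, or microphone permissions. The package names, the allowlist, and the per-package permission map (collected separately, for example from `adb shell dumpsys package <name>`) are constructed sample data.

```python
# Added example: audit enabled accessibility services against sensitive permissions.
# Package names, allowlist and sample data below are constructed for illustration.

# Permissions behind the capabilities listed above (SMS, location, camera, microphone).
SENSITIVE = {
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}

def parse_accessibility_services(raw):
    """Turn the colon-separated 'package/class' setting into {package: [classes]}."""
    raw = raw.strip()
    if not raw or raw == "null":          # the setting reads "null" when unset
        return {}
    services = {}
    for component in raw.split(":"):
        pkg, sep, cls = component.strip().partition("/")
        if not sep or not pkg:
            continue                      # skip malformed entries
        if cls.startswith("."):           # expand the short class form
            cls = pkg + cls
        services.setdefault(pkg, []).append(cls)
    return services

def audit(raw_services, granted, allowlist):
    """Report every non-allowlisted accessibility service and what its app can reach."""
    findings = []
    for pkg, classes in sorted(parse_accessibility_services(raw_services).items()):
        if pkg in allowlist:
            continue
        caps = sorted({SENSITIVE[p] for p in granted.get(pkg, ()) if p in SENSITIVE})
        severity = "high" if len(caps) >= 2 else "review"
        findings.append({"package": pkg, "services": classes,
                         "capabilities": caps, "severity": severity})
    return findings

# Constructed sample input.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.docviewer/.SyncService:com.example.notes/.ReaderService")
SAMPLE_GRANTED = {
    "com.example.docviewer": ["android.permission.READ_SMS", "android.permission.CAMERA",
                              "android.permission.RECORD_AUDIO",
                              "android.permission.ACCESS_FINE_LOCATION"],
    "com.example.notes": ["android.permission.INTERNET"],
}
ALLOWLIST = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_GRANTED, ALLOWLIST):
        print(finding)
```

An accessibility service that the device owner does not recognize is worth investigating on its own; the permission overlap only helps rank the findings.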
How Do I Remove FastFire, FastViewer and FastSpy from My Android Device?
We strongly recommend removing FastFire, FastViewer, FastSpy, and any other malware associated with the Kimsuky APT from your Android device by using a reputable malware remediation tool. Note that similar malware can also affect devices that run other operating systems. To prevent the installation of potentially unwanted programs in the future, you should practice good web surfing habits, such as avoiding questionable freeware sites, torrent pages, and other websites that may host unreliable apps.