The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).
“The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobileThe Hacker NewsRead More
T1
