Three new trojans known as BANKSHOT, HARDRAIN and BADCALL have been identified as being created and operated by the advanced North Korean threat group known as HIDDEN COBRA.
BANKSHOT consists of several proxy application tools intended to disguise command and control (C2) communications. Also included are two remote access trojan (RAT) tools designed to install the proxy applications.
HARDRAIN is two 32-bit Windows executables that function as proxy servers to mask the C2 communications of the third file, an Executable Linkable Format file designed as an Android-based RAT.
BADCALL appears similar to HARDRAIN except it uses an Android Package Kit file to store and execute the RAT.
Affected Platforms :
Microsoft Windows – All versions
Google Android – All versions