Zaraza bot infostealer targets numerous search engines
According to a report dated May 5, 2023, the North Korean APT group Kimsuky is involved in a new cyber espionage campaign of global reach using its new version of reconnaissance malware, ReconShark.
The threat actor has expanded its targeting reach, now attacking government organizations, research centres, universities and think tanks in the United States, Europe and Asia. Kimsuky uses well-crafted and customized spear-phishing emails to infect its targets with the ReconShark malware, a tactic seen in all of the threat group's previous campaigns. ReconShark is considered to be an evolution of Kimsuky's BabyShark malware.
The malware collects information about the infected system and checks whether security software is running on the machine. The malware sends all the collected data to a C2 server via HTTP POST requests without storing anything locally. Another ability of ReconShark is to retrieve additional payloads from C2, which can give Kimsuky a better grip on the infected system.
Read more about it: here