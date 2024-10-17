ScarCruft, a threat actor linked to North Korea, is being connected to the exploitation of a Windows zero-day. The vulnerability, CVE-2024-38178, is being used to infect devices with RokRAT malware. The exploit is a memory corruption bug that can allow remote code execution. RokRAT can receive and execute commands from a remote server and gather data from applications such as WeChat. ScarCruft is being tracked as TA-RedAnt, and is also known as APT37, InkySquid, and Ruby Sleet. Users must update their operating systems and software security to avoid these types of attacks.



Read more: https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html