FastFire Mobile Malware Linked to Malicious Kimsuky Group
Mobile security researchers with Talon Cyber Security have identified several new malware strains that all target mobile devices running Android. The trifecta of new threats has been given the names FastFire, FastViewer and FastSpy, reflecting their capabilities.
The new malware variants show ties to the North Korean threat actor known as the Kimsuky group. Kimsuky has been active for around a decade, targeting both Windows systems and mobile devices and using targeted phishing as its attack vector.
The FastFire package, singled out as malicious by Talon, was still not flagged as malware by any of the scanners on VirusTotal as of late October 2022, which makes it a threat that can still fly under the radar.
The malware is distributed as a package named "com.viewer.fastsecure" and poses as a Google security plugin. Once installed on the device, FastFire will hide its icon to mask its presence.
The malware can communicate with its command and control servers, and the infected device can receive commands. The malicious package contains five different malicious classes, but according to Talon, only three of those are executed and used by the malware.