A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed Kimsuky, which is also known as Black Banshee, Emerald Sleet, and TA427.
Source: The Hacker News