
Durian (Backdoor) – Malware

July 12, 2024

Durian

Type of Malware

Backdoor

Country of Origin

North Korea

Date of initial activity

2023

Targeted Countries

South Korea

Associated Groups

Kimsuky (APT 43)

Motivation

Cyberwarfare. The backdoor gives the operator command execution, additional file downloads and file exfiltration on the compromised host.

Type of Information Stolen

Government Data, Financial Information, Login credentials, Browser Data, System Information, Communication Data, Network Data

Tools

AppleSeed

Attack Vectors

Malicious downloads

Targeted System

Windows

Overview

The North Korean threat group Kimsuky has deployed a newly discovered malware named Durian in targeted attacks against two South Korean cryptocurrency companies. Durian is written in Go and provides full backdoor functionality: it executes commands delivered by the operator, downloads additional files and exfiltrates files from the host.

Targets

South Korean crypto firms.

How they operate

The initial-stage malware is a conventional installer that deploys the follow-on components and sets up persistence. When run, it drops a second-stage loader and registers it as a Windows service so that it starts automatically. The final payload in the chain is the previously unknown Go-based backdoor dubbed “Durian”, which executes commands delivered by the operator, downloads additional files and exfiltrates files.

With Durian in place, the operator used several further means of keeping access to the victim. First, they deployed additional malware named “AppleSeed”, an HTTP-based backdoor commonly used by the Kimsuky group. They also brought in legitimate tools, ngrok and Chrome Remote Desktop, together with a custom proxy tool, to reach the target machines. Finally, the actor deployed malware that steals browser-stored data, including cookies and login credentials.
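The chain above leaves two artifacts a defender can hunt for without any Durian-specific indicator: a freshly registered auto-start service whose binary lives in a user-writable directory, and legitimate remote-access tooling (ngrok, Chrome Remote Desktop) registered as a service. The script below is an added example, not code from the page or from the Kaspersky report; it triages records shaped like the named fields of Windows Event ID 7045 ("A service was installed in the system"). The sample records are constructed for this example, and the service name `chromoting`, the `remoting_host.exe` binary and the `ngrok.exe service run` command line are assumptions about how those tools appear, not observed indicators.

```python
import re

# Constructed sample records in the shape of Event ID 7045 fields.
# They are illustrative only and are not real Durian indicators.
SAMPLE_EVENTS = [
    {"ServiceName": "WinDefendHelper",
     "ImagePath": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "Spooler2",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "ngrok",                                   # assumed naming
     "ImagePath": r"C:\ProgramData\ngrok\ngrok.exe service run",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "chromoting",                              # assumed naming
     "ImagePath": r"C:\Program Files (x86)\Google\Chrome Remote Desktop\123.0\remoting_host.exe",
     "StartType": "auto start", "AccountName": "LocalSystem"},
    {"ServiceName": "wuauserv",
     "ImagePath": r"C:\Windows\System32\svchost.exe -k netsvcs",
     "StartType": "demand start", "AccountName": "LocalSystem"},
]

# Directories a standard user can write to. A loader dropped by an installer
# running in the user's context lands here rather than under System32.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp|AppData|Public)\\", re.IGNORECASE)

# Legitimate tunnelling / remote-access tools the write-up says were abused.
# Their presence as a service is a triage lead, not proof of compromise.
TUNNEL_TOOLS = {
    "ngrok": re.compile(r"ngrok", re.IGNORECASE),
    "Chrome Remote Desktop": re.compile(r"remoting_host\.exe|Chrome Remote Desktop", re.IGNORECASE),
}


def image_binary(image_path):
    """Return the executable from a service ImagePath, dropping arguments
    such as '-k netsvcs' and any surrounding quotes."""
    m = re.match(r'^\s*"?(.+?\.exe)\b', image_path, re.IGNORECASE)
    return m.group(1) if m else image_path.strip()


def triage(events):
    """Return (service name, reason) pairs for every record that trips a rule.
    A record can yield more than one pair when several rules match."""
    findings = []
    for ev in events:
        binary = image_binary(ev["ImagePath"])
        reasons = []
        if ev["StartType"].lower().startswith("auto") and USER_WRITABLE.search(binary):
            reasons.append("auto-start service from user-writable path")
        for tool, pattern in TUNNEL_TOOLS.items():
            if pattern.search(binary):
                reasons.append(f"remote-access tool registered as a service: {tool}")
        findings.extend((ev["ServiceName"], r) for r in reasons)
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_EVENTS):
        print(f"[triage] service={name!r}: {reason}")
```

In a real deployment the records would come from the System event log (or a SIEM export of Event ID 7045) rather than the inline list, and the `chromoting` hit should be checked against an allow-list of hosts where Chrome Remote Desktop is sanctioned; the user-writable-path rule is the one that catches the loader regardless of what it is called.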

Significant Malware Campaigns

  • The North Korean threat actor tracked as Kimsuky was observed deploying a previously undocumented Go-based malware dubbed Durian in highly targeted attacks aimed at two South Korean cryptocurrency firms. (May 2024)
References:
  • North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms
  • APT trends report Q1 2024
Tags: AppleSeed, Backdoor, Crypto, Cryptocurrency, Durian, Golang, Kimsuky, Malware, North Korea, South Korea, Windows
    © 2025 | CyberMaterial | All rights reserved