Constantly Evolving MoonPeak RAT Linked to North Korean Spying

A malware called MoonPeak, which is connected to North Korea’s Kimsuky group, is being spread using a network of command-and-control servers and other systems. It is a new version of the open-source XenoRAT malware and features several modifications aimed at obfuscating the malware and making it harder to analyse. MoonPeak retains many of XenoRAT’s capabilities, including keylogging and bypassing User Access Control. The consistent changes to the malware suggest that it is still actively being developed.