The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).”The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobile
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html
