Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Updated on December 18, 2025

The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).
“The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobile…

Read the rest of the story at Read More

Source: The Hacker News

October 9, 2024 Uncategorized

Researchers Uncover Major Security Vulne...

October 6, 2025 Uncategorized

Chinese Cybercrime Group Runs Global SEO...

November 15, 2024 Uncategorized

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

Related posts

Researchers Uncover Major Security Vulne...

Chinese Cybercrime Group Runs Global SEO...

Bitfinex Hacker Sentenced to 5 Years, Gu...

Leave a Comment Cancel reply

Recent News

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories

The Case for Dynamic AI-SaaS Security as Copilots Scale

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks