Threat Intelligence Report

Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App

📅 January 27, 2026 📰 thehackernews.com 🔍 1 CVE(s) referenced

North Korean threat actor Kimsuky is deploying advanced Android and Windows remote access trojans via QR code phishing and tax-themed lures, leveraging fake delivery and VPN apps to exfiltrate sensitive data and enable coordinated cyber espionage and financial theft.

news

CVE-2024-38193

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle