InkSquid is a dangerous malware, also known as CloudMensis, RedEyes, BadRAT, Reaper, or ScarCruft, that is associated with APT37. It is designed to compromise and damage computer systems, typically gaining a foothold through malicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom. Liang identified it as a significant threat because it detects when System Integrity Protection (SIP) is disabled and, in that case, loads its own malicious database.
The same researcher, Liang, also identified another malware from the Lazarus Group, which attempts to dump the access table from the TCC database. Both pieces of malware are particularly threatening because they target specific weaknesses within systems to gain unauthorized access and control. The Lazarus Group malware and InkSquid both exhibit aggressive behavior, suggesting that their creators have a deep understanding of the systems they target and are persistent in their efforts to exploit them.
Securonix has reported that APT37, also known as InkSquid, RedEyes, BadRAT, Reaper, ScarCruft, and Ricochet Chollima, has been sending malicious emails about Cambodian affairs, written in Cambodia's primary language, Khmer, to lure in targets. Although detailed victimology was not shared, this strategy indicates a targeted approach aimed at specific individuals or organizations with an interest in Cambodian affairs. These tactics show a level of sophistication and strategic planning that poses a serious threat to potential victims.
Description last updated: 2024-10-04T03:15:29.909Z