The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).
"The threat actor leveraged QR codes and notification pop-ups to lure victims into installing and executing the malware on their mobile



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/12/kimsuky-spreads-docswap-android-malware.html