Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

DocSwap

Kimsuky campaign uses QR codes to deliver DocSwap Android malware, South Korean firm says

Cybercrime, News, Research, Vendors

December 18, 2025

South Korean firm ENKI linked the North Korean actor Kimsuky to a campaign distributing a DocSwap Android trojan via QR codes on phishing sites impersonating CJ Logistics; the malware decrypts an embedded APK, registers a RAT service and accepts many remote commands.

About
Editorial Policy
Privacy
Contact