Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

North Korean hacking group Kimsuky (aka Thallium, Black Banshee) first became active in 2012 and has carried out attacks on targets engaged in Media, Research, Politics, and Diplomacy, etc around the world. The group mainly attempts to collect by distributing malware and taking over accounts through spear-phishing attacks. Attacks have mainly targeted Windows, though instances of attacks on Android devices have likewise been discovered.

In November 2020, we found the mobile version of the AppleSeed family used by Kimsuky group. In that sample, the group even called themselves Thallium, a name given by Microsoft. We published our analysis on VB2021 localhost. Unveil the evolution of Kimsuky targeting Android devices