Kimsuky distributes Troll Stealer disguised as a Korean company's software, signed with a valid certificate
released on 2024-02-09 @ 02:40:29 PM
A new malware family called Troll Stealer has been discovered and is attributed, with moderate confidence, to the North Korean APT group Kimsuky. Troll Stealer is an information stealer written in Go that exfiltrates SSH credentials, FileZilla data, browser data, system information, and screen captures. It is distributed by droppers disguised as installers for Korean security software and signed with a code-signing certificate stolen from D2innovation Co. LTD, so the signature checks out as valid even though the binary is malicious. Code similarities link Troll Stealer to the earlier Kimsuky malware AppleSeed and AlphaSeed, and it specifically targets the GPKI (South Korean Government Public Key Infrastructure) certificate folder, which suggests it is aimed at government and administrative organizations in South Korea.
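Because the dropper carries a valid signature from a stolen certificate, a "Valid" Authenticode status on its own is not evidence that a file is safe. A practical first hunt on a Windows endpoint is to enumerate signed executables and flag any whose signer subject names the abused company. The script below is an added example written for this page, not code from the report or from the malware authors; the search path, the subject-name pattern, and the output fields are assumptions, and it only uses the built-in `Get-AuthenticodeSignature` cmdlet.

```powershell
# Added hunting example (not from the original report).
# Flags PE files whose Authenticode signer subject matches the company
# whose certificate the report says was stolen. Adjust $SearchRoots and
# $SignerPattern for your environment; both are assumptions here.

$SearchRoots   = @('C:\Users', 'C:\ProgramData', "$env:TEMP")
$SignerPattern = 'D2innovation'   # substring of the abused signer's Subject (assumption)

$hits = foreach ($root in $SearchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Recurse -File -Include *.exe, *.dll, *.msi `
                  -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
        if ($null -eq $sig -or $null -eq $sig.SignerCertificate) { return }

        if ($sig.SignerCertificate.Subject -match $SignerPattern) {
            [pscustomobject]@{
                Path       = $_.FullName
                # Status is reported but deliberately NOT used as a filter:
                # a stolen certificate yields a Valid status on a malicious file.
                Status     = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
                Issuer     = $sig.SignerCertificate.Issuer
                Thumbprint = $sig.SignerCertificate.Thumbprint
                NotAfter   = $sig.SignerCertificate.NotAfter
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    Write-Host "No files signed by a subject matching '$SignerPattern' were found under the search roots."
}
```

Treat every hit as something to triage, not as a confirmed infection: the company whose certificate was stolen presumably also ships legitimately signed software, so compare the thumbprint, issuer, and file hash of each match against what that vendor actually distributes before acting on it.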