North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware 

ScarCruft, a threat actor linked to North Korea, has been connected to the exploitation of a Windows zero-day. The vulnerability, CVE-2024-38178, is a memory corruption bug that can allow remote code execution, and it is being used to infect devices with RokRAT malware. RokRAT can receive and execute commands from a remote server and gather data from applications such as WeChat. ScarCruft is tracked as TA-RedAnt and is also known as APT37, InkySquid, and Ruby Sleet. Users must keep their operating systems and security software updated to avoid these types of attacks.

Read more: https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html