APT37 Uses Facebook to Deliver RokRAT
North Korean hacking group APT37, also known as ScarCruft, used Facebook to run a sophisticated social engineering campaign. The cyber espionage operation targeted unwary users by forming connections through friend requests on the platform. The threat actors then leveraged these newly established relationships to deploy RokRAT, a remote access trojan that can exfiltrate sensitive data. The multi-stage attack exploited Facebook’s vast user base, turning an innocuous trust-building exercise into a vector for malware distribution, and it highlights the group’s opportunistic approach to cyber threats. Cybersecurity experts underscore the importance of vigilance in social interactions, especially on platforms like Facebook, and urge users to scrutinize friend requests and be wary of communicating with unknown contacts to safeguard against similar attacks. For a deeper dive into how APT37 uses Facebook, read the full article at the link below.
https://thehackernews.com/2026/04/north-koreas-apt37-uses-facebook-social.html
