North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

📅 13 April 2026 at 09:15 UTC📰 The Hacker NewsView original source ↗

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

North Korean APT37 group used social engineering tactics on Facebook to gain trust and deliver RokRAT malware, a remote access trojan that allows for unauthorized access to targeted systems. This campaign highlights the evolving threat landscape of nation-state actors using social media platforms as vectors for malicious activity.

⚙️Technical Details

Affected Systems

Facebook

Attack Vectors

Social engineering via Facebook friend requests

💥Impact Assessment

Severity: H

Who Is at Risk

Individuals and organizations with access to Facebook accounts

🛡️Recommended Actions

1Implement strict social media account security measures, including two-factor authentication and password management.

2Regularly monitor and review social media activity for suspicious behavior.

3Ensure all software and systems are up-to-date with the latest security patches.

📦Affected Products

Facebook

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed