Kandji Blog

DPRK DriverEasy & ChromeUpdate Deep Dive

Over the last few months, several Swift applications have been attributed to the North Korea Contagious Interview effort. These applications are presented to victims as part of a fake job interview process. SentinelOne recently published a blog post on “Flexible Ferret” and other related applications including two named ChromeUpdate (which was originally covered by dmpdump in their blog post) and CameraAccess. Moonlock Lab also recently covered the ChromeUpdate and CameraAccess applications in a blog post, which provided an overview of what they do. In this article, we will take a deep dive into another related application named DriverEasy, which was recently uploaded to VirusTotal, to understand how it works and compare it to the other two DPRK attributed applications…