SLOTHFULMEDIA is a remote access Trojan written in C++ that has been used by an unidentified "sophisticated cyber actor" since at least January 2017. It has been used to target government organizations, defense contractors, universities, and energy companies in Russia, India, Kazakhstan, Kyrgyzstan, Malaysia, Ukraine, and Eastern Europe.
In October 2020, Kaspersky Labs assessed that SLOTHFULMEDIA is part of an activity cluster it refers to as "IAmTheKing". ESET also noted code similarity between SLOTHFULMEDIA and droppers used by a group it refers to as "PowerPool".
Associated Software Descriptions
Kaspersky Labs refers to the "mediaplayer.exe" dropper within SLOTHFULMEDIA as JackOfHearts.
Kaspersky Labs assesses that SLOTHFULMEDIA is an older variant of a malware family it refers to as QueenOfClubs.
- DHS/CISA, Cyber National Mission Force. (2020, October 1). Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA. Retrieved October 2, 2020.
- Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. Retrieved November 16, 2020.
- USCYBERCOM. (2020, October 1). USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA. Retrieved November 16, 2020.