Preface: The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a malware variant known as ELECTRICFISH.
Technical details: The malware implements a custom protocol, similar to “Tor browser”. Its aim is to allow traffic to bypass the defense mechanisms in between a source and a destination Internet Protocol (IP) address. The malware continuously attempts to reach out to the source and the destination system, which allows either side to initiate a funneling session.
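The behaviour described above (one host continuously dialing both a source and a destination system) leaves a pattern in connection logs that can be triaged. The following is an added detection sketch, not code from the advisory or from this post; the record layout, sample addresses and the `min_attempts` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (epoch_seconds, local_host, remote_ip).
# 10.0.5.23 retries two peers every 60 s; the other hosts are ordinary traffic.
FLOWS = (
    [(t, "10.0.5.23", "10.0.9.40") for t in range(0, 600, 60)]
    + [(t + 5, "10.0.5.23", "198.51.100.7") for t in range(0, 600, 60)]
    + [(30, "10.0.5.77", "10.0.9.40"), (45, "10.0.5.77", "203.0.113.9")]
    + [(t, "10.0.5.88", "10.0.9.53") for t in range(0, 600, 60)]
)

def persistent_peers(flows, min_attempts):
    """Per local host, map each peer dialed >= min_attempts times to (first_seen, last_seen)."""
    times = defaultdict(lambda: defaultdict(list))
    for ts, host, remote in flows:
        times[host][remote].append(ts)
    return {
        host: {r: (min(t), max(t)) for r, t in peers.items() if len(t) >= min_attempts}
        for host, peers in times.items()
    }

def funnel_candidates(flows, min_attempts=5):
    """Hosts that keep dialing two peers during overlapping time spans (possible relay)."""
    hits = {}
    for host, peers in persistent_peers(flows, min_attempts).items():
        spans = sorted(peers.items(), key=lambda kv: kv[1][0])
        pairs = [
            (a, b)
            for i, (a, (_a0, a1)) in enumerate(spans)
            for b, (b0, _b1) in spans[i + 1:]
            if b0 <= a1  # second retry loop starts before the first one ends
        ]
        if pairs:
            hits[host] = pairs
    return hits

if __name__ == "__main__":
    for host, pairs in funnel_candidates(FLOWS).items():
        print(host, "persistently dials both of:", pairs)
```

A hit is only a lead for investigation: legitimate proxies and monitoring agents produce the same pattern, so the threshold should be tuned against a known-good baseline.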
Comment: It seems the malware designer is aware that their operation will be terminated by malware detectors, especially at companies that have installed “FireEye”. The success of the infection depends entirely on the infection path. Maybe it is phishing, or it hides itself in third-party software drivers. From a technical point of view, its activities are not easily discovered by antivirus programs once the malware is successfully installed. But it is rare that even “VirusTotal” does not have information on it so far.
Headline news via the following link: https://www.washingtonexaminer.com/news/us-government-unveils-new-north-korean-hacking-tool-as-tensions-continue-to-rise