KakaoTalk’s Windows desktop client is being abused by the North Korean Konni group as a secondary malware distribution channel: once a victim is compromised via a malicious LNK-delivered AutoIt RAT (EndRAT), the attacker hijacks the victim’s active KakaoTalk session to send malicious ZIP archives to trusted contacts, bypassing sender-reputation controls. No CVE or vendor patch applies; this is a session-abuse technique exploiting legitimate functionality. Organizations using KakaoTalk on corporate endpoints should monitor the KakaoTalk process for anomalous file-send behavior and restrict LNK execution from user download directories.
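To support the recommendation to restrict LNK execution from user download directories, the following added example (not part of the original advisory) triages a received ZIP archive for Windows shortcut members before a user opens it. It goes slightly beyond the text by checking the Shell Link header bytes as well as the file extension; the function names, reason strings and sample archive contents are constructed for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")


def find_lnk_members(zip_bytes):
    """Return (member name, reason) for each shortcut found in a ZIP archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(".lnk")
            # Encrypted members cannot be read without a password: judge by name only.
            if info.flag_bits & 0x1:
                head = b""
            else:
                with archive.open(info) as member:
                    head = member.read(len(LNK_MAGIC))
            by_magic = head == LNK_MAGIC
            if by_magic and not by_name:
                findings.append((info.filename, "LNK header under another extension"))
            elif by_magic:
                findings.append((info.filename, "LNK shortcut"))
            elif by_name:
                findings.append((info.filename, "named .lnk, header not confirmed"))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: header bytes plus padding, not a working shortcut.
FAKE_LNK = LNK_MAGIC + b"\x00" * 56
SUSPICIOUS_ZIP = build_sample_zip({"notice.pdf.lnk": FAKE_LNK, "readme.txt": b"hello"})
CLEAN_ZIP = build_sample_zip({"photo.jpg": b"\xff\xd8\xff\xe0", "notes.txt": b"hi"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_ZIP), ("clean", CLEAN_ZIP)):
        print(label, find_lnk_members(blob))
```

A non-empty result is a reason to quarantine the archive for review, since shortcut files have little legitimate reason to travel inside a ZIP sent over a messenger.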