KakaoTalk Desktop for Windows is being abused by the North Korean Konni APT group as a secondary propagation vector in the EndRAT campaign — no CVE is involved, but the application’s authenticated desktop session is hijacked post-compromise to distribute malware to the victim’s trusted contacts. Organizations with Korean-speaking employees or partners using KakaoTalk for business communications face lateral spread risk that extends beyond the initially compromised host to external contacts and partner organizations. Immediate actions include inventorying KakaoTalk Desktop installations on managed Windows endpoints, isolating suspected compromised hosts, and force-terminating active KakaoTalk sessions on any system showing LNK execution or anomalous scheduled task creation.