Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)

AhnLab SEcurity intelligence Center (ASEC) recently discovered the Kimsuky group distributing malware disguised as an installer from a Korean public institution. The malware in question is a dropper that creates the Endoor backdoor, which was also used in the attack covered in the previous post, “TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)”. [1]

While there are no records of the dropper being used in actual attacks, there was an attack case that involved the backdoor created …

ahnlab asec attack backdoor center disguised dropper endoor installer intelligence kimsuky malware malware analysis public question security security intelligence systems trollagent