Koreans are being targeted with memo malware

Hackers are attacking a Korean organisation with malware disguised as an internal memo offering a free car inspection, according to security firm Symantec.

Once downloaded the Baccamun trojan opens a backdoor on the infected machine, leaving the computer vulnerable to commands issued by the hacker as well as malicious downloads.

Symantec said: "With a Word document in decent Korean, a marker string that can be translated to a Japanese word, and a Japanese word represented in Chinese GB character codes, it can be difficult to make a guess at who the attacker is.

"However, it is likely that the attacker or attacker group is operating somewhere in East Asia and possesses multilingual skills."

The malware connects to a dynamic DNS that continually alters the domain name, preventing the hacker’s location from being identified.

A Dropper trojan was also said to have been sent to the Korean organisation containing the same backdoor malware, disguised as an executable file named after a Japanese company.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing