View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Koreans are being targeted with memo malware

Symantec warns of trojan dropped through free car inspection offer.

By Jimmy Nicholls

Hackers are attacking a Korean organisation with malware disguised as an internal memo offering a free car inspection, according to security firm Symantec.

Once downloaded the Baccamun trojan opens a backdoor on the infected machine, leaving the computer vulnerable to commands issued by the hacker as well as malicious downloads.

Symantec said: "With a Word document in decent Korean, a marker string that can be translated to a Japanese word, and a Japanese word represented in Chinese GB character codes, it can be difficult to make a guess at who the attacker is.

"However, it is likely that the attacker or attacker group is operating somewhere in East Asia and possesses multilingual skills."

The malware connects to a dynamic DNS that continually alters the domain name, preventing the hacker’s location from being identified.

A Dropper trojan was also said to have been sent to the Korean organisation containing the same backdoor malware, disguised as an executable file named after a Japanese company.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.