Skip to main content

Malicious campaign targets South Korean users with backdoor-laced torrents

posted onJuly 8, 2019
by l33tdawg
We Live Security
Credit: We Live Security

Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect the compromised computer to a botnet and control it remotely.

The malware is a modified version of a publicly available backdoor named GoBot2. The modifications to the source code are mainly South Korea-specific evasion techniques, which are described in detail in this blogpost. Due to the campaign’s clear focus on South Korea, we have dubbed this Win64/GoBot2 variant GoBotKR.

According to ESET telemetry, GoBotKR has been active since March 2018. The detections are in the hundreds, with South Korea being the most affected (80%), followed by China (10%) and Taiwan (5%).

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th