Malicious Campaign Targets South Korean Users with Backdoor-Laced Torrents

description: A campaign has been discovered targeting fans of Korean television in an attempt to distribute a modified version of the open-source backdoor called “GoBot2,” according to ESET researchers. GoBot2 is being distributed via torrent sites, masquerading as South Korean games, movies, and television shows. The campaign has been ongoing since at least March 2018, with most infections found in South Korea, China, and Taiwan. The torrent sites used in this campaign attempt to trick users “into executing the malware by booby-trapping the content of the torrents with malicious files that have deceptive filenames, extensions and icons.”

publish date:

reference:

IOC Table
total 5
type value
CVE CVE-2019-2109
CVE CVE-2019-3396
CVE CVE-2019-2106
CVE CVE-2019-2107