Malicious Code Disguised and Delivered as South Korean Ministry of National Defense Document
released on 2021-02-03 @ 03:42:15 PM
On January 24, ASEC confirmed that malware was being distributed disguised as the document 'Amendment of the Ministry of Defense's Business Report in 2021'. The malicious file was created and distributed with the *.pif extension, as shown below; a *.pif file is executable, just like a file with the EXE extension. When the file is executed, the user is shown the same content as the legitimate PDF document currently available on the Ministry of Defense homepage, as shown in the figure below. However, alongside the legitimate PDF document file, it also creates and executes malicious files (DLL format) without the user's knowledge.
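A defender can check for this mismatch between extension and content by reading the PE header rather than trusting the file name. The following is an added example, not code from ASEC or from the original report; the file names, the extra extensions in `RISKY_EXTS`, and the header bytes built by `fake_pe` are constructed for illustration.

```python
import os
import struct

# .pif is the extension named in the report; .scr and .com are added here as an
# assumption, being other extensions that Windows also runs as programs.
RISKY_EXTS = {".pif", ".scr", ".com"}
EXPECTED_PE_EXTS = {".exe", ".dll"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a DLL


def pe_kind(data: bytes):
    """Return 'exe' or 'dll' for a PE image, or None if the bytes are not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last 2 bytes of the 20-byte COFF header.
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return "dll" if flags & IMAGE_FILE_DLL else "exe"


def triage(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the header says."""
    ext = os.path.splitext(name)[1].lower()
    kind = pe_kind(data)
    if kind is None:
        return "not-pe"
    if ext in RISKY_EXTS:
        return f"masquerading-{kind}"
    if ext not in EXPECTED_PE_EXTS:
        return f"mismatched-{kind}"
    return f"plain-{kind}"


def fake_pe(flags: int) -> bytes:
    """Constructed header only (not a real sample): DOS header, signature, COFF."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    for name, data in [("business_report.pif", fake_pe(0x0102)),  # constructed names
                       ("dropped.dat", fake_pe(0x2102)),
                       ("business_report.pdf", b"%PDF-1.7\n" + b"\0" * 80)]:
        print(name, "->", triage(name, data))
```

A `masquerading-*` result on a mail attachment or download, or a `mismatched-dll` result on a file written shortly after a document is opened, is the pattern this report describes and is worth an alert.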