Malware Disguised as Installer from Korean Public Institution
released on 2024-03-26 @ 03:17:36 PM
A recent report details malware disguised as an installer from a Korean public institution. The malware is a dropper that installs the Endoor backdoor, which was used in previous attacks. The dropper is made to look legitimate: it carries fabricated version information and is signed with a valid certificate. Once run, it extracts and executes the Endoor backdoor. Endoor sends system information to its operators and supports features such as command execution and file operations. It was observed stealing credentials with Mimikatz and taking screenshots. An updated version of Endoor was also deployed alongside the Nikidoor backdoor. Users should keep their antivirus software up to date to prevent infection.