VERY IMPORTANT

AhnLab Security Intelligence Center discovered malware signed with Nexaweb Inc.'s certificate, linked to the Kimsuky group's activities. The malware, tracked as Larva-25004, was found in two files signed on May 24 and 28, 2024. When executed, it displays a PDF file related to employment as bait, likely targeting individuals interested in defense company jobs. The certificate's authenticity is still under investigation. The malware's characteristics match those of files signed with a Korean company's certificate, previously reported in connection with Kimsuky. This incident highlights the ongoing threat of certificate exploitation by sophisticated threat actors.