Malicious Campaign Targets South Korean Users with Backdoor-Laced Torrents (Jul 8, 2019)
A campaign has been discovered targeting fans of Korean television in an attempt to distribute a modified version of the open-source backdoor called “GoBot2,” according to ESET researchers. GoBot2 is being distributed via torrent sites, masquerading as South Korean games, movies, and television shows. The campaign has been ongoing since at least March 2018, with most infections found in South Korea, China, and Taiwan. The torrent sites used in this campaign attempt to trick users “into executing the malware by booby-trapping the content of the torrents with malicious files that have deceptive filenames, extensions and icons.”
Recommendation: This story depicts the dangers of downloading free entertainment media, such as movies, via torrents. The appeal of free access to movies and other forms of entertainment has resulted in many users being infected with malware that they downloaded themselves. These kinds of downloads carry inherent risk, and policies should be in place that prevent these types of downloads from occurring on company networks.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.