Beware of '*.lnk' Files... North Korean Hacking Group Distributes Malware
North Korean Hacking Group ‘APT37’ Distributes Malware
Disguised as Shortcut for Infiltration... Special Caution Required
North Korean hacking groups are distributing malicious code using Windows shortcut files, prompting the need for caution.
According to domestic security company AhnLab on the 23rd, the North Korean hacking group ‘APT37’ has recently been distributing the malicious code RokRAT through Windows shortcut files with the extension ‘*.lnk’.
RokRAT collects user information and can download additional malicious code, so an infection may lead to secondary damage. RokRAT has previously been distributed through Hangul and Word documents.
The lnk filenames confirmed so far include ‘230407jeongboji.lnk’, ‘2023nyeondo 4wol 29il seminar.lnk’, ‘2023nyeondo gaeinpyeongga silsi.hwp.lnk’, ‘buk oegyo gwan seonbalpadang mit haeo gonggwan.lnk’, and ‘bukhan oegyo jeongchaek gyeoljeong gwajeong.lnk’.
The lnk files identified this time contain commands for PowerShell, a scripting language installed natively on Windows. They perform their malicious actions by creating script files alongside legitimate files in the temporary folder path and then executing them.
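A defender can triage suspicious shortcuts for the traits described above. The following is an added example, not code from AhnLab or the original article: a byte-level heuristic (not a full .lnk parser) that confirms the shell link header and then flags a document-style double extension, PowerShell text, and temporary-folder references. The extension list, the temp-path markers and the sample buffer are assumptions constructed for illustration.

```python
import struct

HEADER_SIZE = 0x4C  # fixed ShellLinkHeader size in the .lnk format
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# Assumption: document extensions a lure might show before ".lnk".
DECOY_EXTS = (".hwp", ".doc", ".docx", ".pdf", ".xls", ".xlsx")
# Assumption: common ways a command line refers to the temporary folder.
TEMP_MARKERS = ("%temp%", "env:temp", "gettemppath")


def is_shell_link(data: bytes) -> bool:
    """True when the buffer starts with a valid shell link header."""
    if len(data) < HEADER_SIZE:
        return False
    (size,) = struct.unpack_from("<I", data, 0)
    return size == HEADER_SIZE and data[4:20] == LINK_CLSID


def has_text(data: bytes, needle: str) -> bool:
    """Case-insensitive search for needle stored as ASCII or UTF-16LE."""
    lowered = data.lower()  # lowercases ASCII letters in both encodings
    needle = needle.lower()
    return needle.encode("ascii") in lowered or needle.encode("utf-16-le") in lowered


def triage_lnk(filename: str, data: bytes) -> list[str]:
    """Return the heuristic findings for one shortcut file."""
    if not is_shell_link(data):
        return []
    findings = []
    name = filename.lower()
    if name.endswith(".lnk") and name[:-4].endswith(DECOY_EXTS):
        findings.append("double-extension")
    if has_text(data, "powershell"):
        findings.append("powershell")
    if any(has_text(data, m) for m in TEMP_MARKERS):
        findings.append("temp-path")
    return findings


def constructed_sample() -> bytes:
    """Constructed buffer: a real header followed by harmless marker text."""
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID
    header += bytes(HEADER_SIZE - len(header))
    return header + "PowerShell.exe <args> %TEMP%\\placeholder".encode("utf-16-le")


if __name__ == "__main__":
    print(triage_lnk("2023nyeondo gaeinpyeongga silsi.hwp.lnk", constructed_sample()))
```

Any finding is a reason to inspect the shortcut's target and arguments in a sandbox before opening it; an empty list does not prove the file is benign.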
AhnLab urged, “RokRAT malware has been steadily distributed since the past and is spread not only through Word documents but also through various file formats, so users need to exercise special caution.”
Meanwhile, APT37, identified as the distributor, is a group that has attacked domestic North Korea-related organizations and defense sector personnel using the latest security vulnerabilities. It is known by various names such as ‘Geumseong121’, ‘ScarCruft’, ‘RedEyes’, and ‘Group123’.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.