Recent Increase in Malicious File Distribution in Korea
"Careful Verification of Email Senders Required"

Numerous malicious LNK (shortcut) files impersonating public institutions such as the National Tax Service and universities have been identified.


AhnLab said on the 2nd that it has recently detected cases of malicious LNK files being distributed to domestic users. The malicious LNK files confirmed by AhnLab are presumed to be distributed via URLs (internet addresses) included in emails.

Korean document impersonating the National Tax Service distributed along with a malicious LNK file. Provided by AhnLab

When the URL is clicked, a compressed file named 'Comprehensive Income Tax Filing Explanation Submission Guide.zip' is downloaded, containing two legitimate Hangul documents and a malicious LNK file.


However, AhnLab explained that currently, the compressed file downloaded from the problematic URL contains only three legitimate Hangul documents. It appears that the attacker distributed the malicious files only for a short period to make subsequent analysis and tracking difficult.


The malicious file inside the compressed file, named 'National Tax Service Comprehensive Income Tax Explanation Submission Guide.lnk', is padded with approximately 300MB of dummy data and contains a malicious PowerShell command.



The PowerShell command first creates a legitimate Hangul document named 'National Tax Service Comprehensive Income Tax Explanation Submission Guide.hwp' from within the LNK file and opens it.


It then writes out a compressed file embedded in the LNK file, extracts it to a specific path, and goes on to steal user information and download additional malicious files.
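A triage check for the kind of archive described above, as an added example that is not from AhnLab or this article: it flags ZIP entries that carry a Shell Link (LNK) header and are either far larger than a normal shortcut or mention PowerShell. The 1 MiB thresholds, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID (MS-SHLLINK).
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SIZE_LIMIT = 1024 * 1024   # assumption: a normal shortcut is a few KB
HEAD_BYTES = 1024 * 1024   # assumption: command strings sit before the padding

def is_lnk(head: bytes) -> bool:
    """True when the bytes start with a valid Shell Link header."""
    return (len(head) >= 20
            and struct.unpack_from("<I", head)[0] == 0x4C
            and head[4:20] == LNK_CLSID)

def mentions(head: bytes, word: str) -> bool:
    """Case-insensitive search for the word as ASCII or UTF-16LE."""
    low = head.lower()
    return word.encode("ascii") in low or word.encode("utf-16-le") in low

def triage_zip(zip_bytes: bytes) -> list:
    """Return (name, size, reasons) for each suspicious LNK in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(HEAD_BYTES)   # never load the full padded file
            if not is_lnk(head):             # judge by content, not extension
                continue
            reasons = []
            if info.file_size > SIZE_LIMIT:
                reasons.append("oversized")
            if mentions(head, "powershell"):
                reasons.append("powershell")
            if reasons:
                findings.append((info.filename, info.file_size, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed test archive: one decoy document and one padded LNK."""
    lnk = struct.pack("<I", 0x4C) + LNK_CLSID + bytes(56)
    lnk += "PowerShell.exe".encode("utf-16-le") + bytes(2 * 1024 * 1024)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("guide.hwp", b"constructed decoy document")
        zf.writestr("guide.lnk", lnk)
    return buf.getvalue()
```
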


Besides impersonating the National Tax Service, malicious LNK files disguised under various themes such as 'Council Participating Organizations Status,' 'Ministry of Unification Organizational Restructuring Explanation Materials,' 'Parking Registration Application - Student Use,' and 'Course Registration Correction Form' have been found to be distributed.



An AhnLab official advised, "The number of malicious LNK file distributions targeting domestic users has recently increased, and additional damage may occur depending on the downloaded files. It is recommended to carefully check the email sender and avoid opening files from unknown sources."


This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
