AhnLab Warns of Malware Disguised as Year-End "Employee Performance Report"
Phishing Emails Distributed During Performance Review Season
Remote Control Malware Activated When Downloading or Running Email Attachments
Phishing email disguised as an employee performance report. Image provided by AhnLab
AhnLab recently discovered a phishing email distributing malware disguised as an employee performance report and on December 24 urged users to exercise caution.
According to the case disclosed by AhnLab, the attacker impersonated a corporate HR team and sent an email titled "Employee Performance Report." This phishing attack targeted the year-end and New Year period, when HR-related notification emails become more frequent, exploiting a time when employees tend to be less vigilant.
The attacker attached a file to the email and included a message inside the file stating, "All names marked in red indicate employees scheduled for dismissal," prompting recipients to check the contents. The email contained an attachment named "staff record pdf," but the actual file extension ".rar" was hidden to make it appear as a regular PDF document.
If a user opens the attachment, a compressed file is downloaded, and running the executable file (.exe) inside triggers the malware. This malware was analyzed as a remote control tool capable of various malicious activities, such as capturing PC screens and keystrokes, accessing the webcam and microphone, and stealing information stored in web browsers.
To prevent phishing email damage, AhnLab emphasized the importance of following basic security guidelines: verifying the sender's email address and domain validity; refraining from opening attachments or URLs in emails from unknown sources; applying the latest security patches to PCs, operating systems, software, and browsers; and enabling real-time antivirus monitoring.
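A mail-filtering check for the disguise described above (an attachment presented as a PDF whose real type is a .rar archive) could look like the following. This is an added example, not AhnLab's detection logic; the function names, word lists and sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from pathlib import PurePosixPath

# Leading file signatures for the types involved in this case.
MAGIC = {b"%PDF-": "pdf", b"Rar!\x1a\x07": "rar", b"MZ": "exe"}
DOC_WORDS = {"pdf", "doc", "docx", "xls", "xlsx", "hwp"}   # assumed word list
RISKY_EXT = {"rar", "zip", "7z", "exe", "scr"}             # assumed policy
RISKY_KIND = {"rar", "exe"}

def sniff(payload: bytes) -> str:
    """Identify content by its first bytes, independent of the file name."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"

def check(name: str, payload: bytes) -> list:
    """Return reasons why an attachment presented as a document is suspect."""
    path = PurePosixPath(name.lower())
    suffix = path.suffix.lstrip(".")
    words = set(re.split(r"[\s._-]+", path.stem)) | {suffix}
    if not words & DOC_WORDS:
        return []  # the name does not claim to be a document
    reasons = []
    if suffix in RISKY_EXT:
        reasons.append(f"document-style name with .{suffix} extension")
    kind = sniff(payload)
    if kind in RISKY_KIND:
        reasons.append(f"content is {kind}, not a document")
    return reasons

def scan(msg: EmailMessage) -> dict:
    """Map each flagged attachment name to the reasons it was flagged."""
    results = {}
    for part in msg.iter_attachments():
        reasons = check(part.get_filename() or "", part.get_content())
        if reasons:
            results[part.get_filename()] = reasons
    return results

def build_sample() -> EmailMessage:
    """Constructed message: one disguised RAR and one genuine PDF."""
    msg = EmailMessage()
    msg["Subject"] = "Employee Performance Report"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"Rar!\x1a\x07\x01\x00" + bytes(16), maintype="application",
                       subtype="octet-stream", filename="staff record pdf.rar")
    msg.add_attachment(b"%PDF-1.7\n", maintype="application",
                       subtype="pdf", filename="handbook.pdf")
    return msg
```

Checking the leading bytes as well as the name means the archive is still flagged when the displayed name carries no extension at all.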
Moonju Lim, Manager of the AhnLab Analysis Team who analyzed this case, said, "During the year-end and New Year period, phishing attacks exploiting timely issues such as performance evaluations, organizational restructuring, salary negotiations, bonuses, and annual leave may increase. It is important to carefully check the sender and contents of emails and to share suspicious cases with colleagues to prevent damage."
Meanwhile, AhnLab provides updates on various phishing attack trends, security advisories, and indicators of compromise (IoCs), including this case, through its next-generation threat intelligence platform, AhnLab TIP. In addition, the V3 product line and the sandbox-based APT response solution, AhnLab MDS, offer detection capabilities for malicious files distributed via these emails.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.