
This image shows a malicious file disguised as a tax invoice. Courtesy of ESTSecurity
Fake tax invoice files embedded with malicious code linked to North Korean hackers have been found circulating online in a security threat targeting South Koreans, according to a Seoul-based cybersecurity company Tuesday.
ESTSecurity said it has identified KimJongRAT-infected files circulating online, noting the remote access Trojan is believed to be linked to the Pyongyang-sponsored hacking group Kimsuky.
The file, disguised as a PDF document, actually contained a shortcut that directed users to a link leading to the download of malicious files.
The security company said the malicious code was precisely tailored to target South Korean users.
"While Microsoft is enhancing security, KimJongRAT remains an extremely effective attack method in environments with weak security features," ESTSecurity said, noting that users should keep their software updated.
ESTSecurity also advised users to check file extensions before executing files.