Go to Contents Go to Navigation

U.S.-N. Korea summit email used to spread malware in S. Korea

All News 14:45 June 01, 2018

SEOUL, June 1 (Yonhap) -- Emails with an attachment containing a malware virus have spread across South Korea by using the summit meeting between North Korea and the United States as a form of bait, U.S. networking company Cisco Systems said Friday.

The emails with an attached Hangul Word Processor (HWP) document, with the title translated in English as "prospect and preparations for U.S.-N.Korea summit," were sent to Naver Mail accounts, the email service of Naver Corp., South Korea's top Internet portal operator, the company said.

If a malicious document is opened, a remote access Trojan called "NavRAT" is downloaded, which can perform various actions on the victim's computer, including command executions. The malware also has keylogging capabilities that can pose serious security problems, a source said.

In South Korea, the HWP file format can be used to embed Encapsulated PostScript (EPS) within a document. Once opened this can carry out malicious attacks on computer systems.

The use of the summit as a way to spread the virus comes as there is keen interest in the country in regards to the preparations for a potential summit between North Korean leader Kim Jong-un and U.S. President Donald Trump, which will likely take place in Singapore on June 12 to discuss the denuclearization of the Korean Peninsula.

This photo provided by Cisco Systems on June 1, 2018, shows the captured image of an attached file containing a malware virus that posed as a file about a summit meeting between North Korea and the United States. (Yonhap)


Send Feedback
How can we improve?
Thanks for your feedback!