Cybercriminals altered the installer to distribute a malicious file

Jun 26, 2013 09:41 GMT

On June 25, South Korea issued a cyber security alert because a number of government websites had been compromised by hackers. It’s uncertain whether the two incidents are related, but on the same day, Trend Micro experts came across another interesting attack.

Cybercriminals compromised the auto-update mechanism of SimDisk, a South Korean file-sharing and storage service.

The SimDisk installer file, SimDisk.exe, is configured to automatically download updates from a specific website. However, the attackers compromised this website and uploaded a malicious version of the installer.

The malicious installer downloads the legitimate software, but it also retrieves a malicious component detected by Trend Micro as TROJ_DIDKR.A.

The IT security company is still investigating the incident.

In the meantime, the SimDisk website has been shut down for an emergency repair, so it’s likely that the company has become aware of the issue.