Aug 11, 2011 17:00 GMT

An update server of Korean software vendor ESTsoft was compromised and used to push malware to customers in an attack possibly related to the recent SK Communications data breach.

ESTsoft develops software products for both consumers and companies, including an archiving utility, a password manager, a media player, an FTP program and even an antivirus program.

The company published an advisory informing customers about a serious vulnerability in a DLL file that handles updates for most of its products.

The vulnerability allowed attackers to push a malicious file onto users' computers, which Trend Micro detects as BKDR_SOGU.A.

Trend Micro researchers previously tied BKDR_SOGU.A to the massive data breach on the popular NATE and Cyworld websites operated by SK Comms.

The main characteristic of this malware is that it was designed to steal information from SQL databases found on infected systems.

According to various reports, the data breach, which affected as many as 35 million people, might have been carried out by hackers working for North Korea.

"As of today, the details of the attack are still incomplete but the above suggests that ESTsoft is one possible infection vector, among others, that may eventually have led to the SK Comms data breach," the Trend Micro researchers write.

"In this case, ESTsoft may have been a useful infection vector to host the malicious file while SK Comms served as a good target due to its rich repository of information that can be of further use to cybercriminals," they add.

ESTsoft issued a patch for the DLL vulnerability on August 4, and all users are urged to upgrade their products as soon as possible. The company is also assisting South Korean law enforcement agencies in their investigation.