A phishing email disguised as an employee performance report. / Courtesy of AhnLab

AhnLab urged users to be cautious, saying it confirmed the distribution of malware via phishing emails disguised as an "employee performance report" or a "list of dismissed employees," timed to coincide with year-end performance reviews.

According to a case AhnLab released on the 24th, the attacker posed as a corporation's HR team and sent an email titled "employee performance report," prompting recipients to open the attachment. The email included the line, "Names marked in red are scheduled for dismissal," stoking recipients' anxiety.

The attachment was disguised with the name "employee records pdf," but was actually a compressed file (.rar) with the extension hidden, and extracting it revealed an executable file (.exe). Analysis found that running the file installs remote-control malware capable of capturing the PC screen and keystrokes, accessing the webcam and microphone, and stealing information saved in the browser.
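The disguise described above can be caught by comparing what an attachment's name claims with what its leading bytes say. The following is an added example, not AhnLab's code: the sample message is constructed (harmless bytes carrying only a RAR header), and the addresses, the second attachment and the list of document words are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes for the container types relevant here.
MAGIC = [
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"MZ", "exe"),
    (b"%PDF-", "pdf"),
]
DOC_WORDS = {"pdf", "doc", "docx", "xls", "xlsx", "hwp"}  # assumed list

def sniff(data: bytes) -> str:
    """Return the type implied by the content, not by the name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def disguised_attachments(raw: bytes) -> list[tuple[str, str]]:
    """List (filename, real_type) for attachments whose name claims a
    document type while the bytes are an archive or executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        real = sniff(part.get_payload(decode=True) or b"")
        claimed = set(re.split(r"[^a-z0-9]+", name.lower())) & DOC_WORDS
        if claimed and real in {"rar", "zip", "7z", "exe"} and real not in claimed:
            hits.append((name, real))
    return hits

def build_sample() -> bytes:
    """Constructed message: harmless bytes that only carry a RAR header."""
    m = EmailMessage()
    m["From"] = "hr@example.com"
    m["To"] = "staff@example.com"
    m["Subject"] = "employee performance report"
    m.set_content("Names marked in red are scheduled for dismissal.")
    m.add_attachment(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16, maintype="application",
                     subtype="octet-stream", filename="employee records pdf")
    m.add_attachment(b"%PDF-1.7\n", maintype="application",
                     subtype="pdf", filename="handbook.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(disguised_attachments(build_sample()))
```

A mail gateway or triage script would quarantine or flag the hits; the genuine PDF in the sample passes untouched.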

AhnLab recommended the following to prevent damage: ▲ check the sender's email address and domain ▲ do not open attachments or URLs from unknown sources ▲ keep operating systems and software up to date with the latest security patches ▲ enable real-time antivirus monitoring.

Im Mun-ju, an AhnLab analysis team manager, said, "At the end and beginning of the year, phishing attacks that exploit timely issues such as performance reviews, organizational reshuffles, and bonuses increase," and noted, "It is important to share suspicious emails immediately and refrain from opening them."
