TV show and movie fans are being targeted by a malicious campaign that distributes a GoBot2 backdoor variant via files downloaded from several South Korean and Chinese torrent sites.
The malware dubbed GoBotKR by the ESET researchers who discovered it is being disseminated as part of a campaign started back in May 2018, with hundreds of samples having already been detected on the compromised computers of users from South Korea, China, and Taiwan.
GoBotKR has been developed to specifically target South Korean fans and this is shown by the South Korea-specific evasion techniques added to the original GoBot2 backdoor.
The GoLang-based GoBotKR backdoor is built by customizing the GoBot2 malware publicly available since March 2017 and the features added using GoLang libraries get executed on compromised computers with the help of legitimate Windows binaries and "third-party utilities such as BitTorrent and uTorrent clients."
ESET researchers dissect a malicious campaign that targets mainly South Korean users and spreads a backdoor via torrents, using local TV content as a lure.