Korean Word Processor Scam Alert: Orcus RAT Lurking in Cracked Versions

Threat Level
Attack Report

Summary

Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. In an ongoing campaign, intruders are attempting to deploy a variant of Orcus RAT along with XMRig CoinMiner, disguised as a cracked version of Hangul Word Processor 2022. The malicious programs were distributed, and systems infected, via several file-sharing sites.