Microsoft discovers North Korean malware in legitimate CyberLink downloader
Hackers believed to be operating under North Korea's command have compromised the application installer of CyberLink, a Taiwanese facial recognition provider, to carry out a supply chain attack against foreign financial institutions. Microsoft’s Threat Intelligence team detected the threat, which involved a malicious second-stage payload that was downloaded if specific security software was absent. The compromised installer affected more than 100 devices in various countries. Microsoft is tracking the malware as “LambLoad” and has added the compromised certificate to its disallowed list.