New Chinese cyberespionage campaign targeted South Korean VPN service

Execution of a trojanized installer triggers deployment of a loader with another DLL eventually resulting in the running of SlowStepper, which supports commands enabling extensive system info theft, file deletion, Python module execution, and self-deletion, an analysis from ESET revealed.

Go to Source