A group with possible links to Chinese hackers has managed to break into the servers of NetSarang — a South Korean software maker — and has hidden a backdoor in the company's software packages.
According to Kaspersky Lab researchers, who spotted the backdoor in NetSarang applications last month, attackers published backdoored apps that were signed with a legitimate NetSarang certificate.
This discovery has led researchers to believe that attackers either took the company's legitimate apps and patched the software to add the backdoor trojan, or they managed to breach NetSarang's software build servers, where they added the backdoor to the source code itself and generated new app builds.
The hackers then replaced the legitimate NetSarang software packages with trojanized versions on the company's official download servers.
Full Article.
