From malware.news
On May 26th, the ASEC analysis team discovered the distribution of AppleSeed disguised as a Wi-Fi router firmware installer. Previously discovered AppleSeed strains were mainly distributed by disguising themselves as normal document or image files. The dropper malware that creates AppleSeed either used script formats such as JS (Java Script) and VBS (Visual Basic Script), or had a pif extension to disguise itself as a document file that works as .exe file. For this case, it used the icon and filename that is the same as that of installer (see Figure 1 below).