VBS Script Disguised as PDF File Being Distributed (Kimsuky)

From malware.news

On March 23rd, the ASEC analysis team has discovered APT attacks launched by an attack group presumed to be Kimsuky, and they targeted certain Korean companies. Upon running the script file with the VBS extension, the malware runs the innocuous PDF file that exists internally to trick the user into thinking that they opened an innocuous document file and uses a malicious DLL file to leak information. Taking PDF file into consideration, it seems the attacker is targeting precise-refinement industries. See the figure below for details of PDF file.

Read more…