Younglimwon Soft Lab reported that an external developer server was compromised after attackers abused a file-upload vulnerability to create a web shell and modify an update module. Devices that accessed devout.ksystem.co.kr between December 19 and December 27, 2017 were assessed as exposed to second-stage malware through the altered ClientUpdater.exe module. The company said it worked with government agencies to remove the vulnerable server condition, identify affected systems, remove malware, reinstall operating systems where needed, and inspect customers with the same upload vulnerability. The excerpt does not attribute the intrusion to a named actor or provide malware family details, but it documents a supply-chain style compromise through a software update path.