Beware of the Kimsuky group's attack disguised as the 'Mail Online Security' program!

2023-06-26 ESTSecurity Beware of spoofing attacks from the Kimsuky organization's 'Mail Online Security' program!

https://blog.alyac.co.kr/5185


ESTsecurity’s ESRC reports a Kimsuky campaign distributing malware disguised as a legitimate “Mail Online Security” installer, assessed as a variant of activity previously warned about by South Korea’s NCSC/KISA. The lure used an ISO containing setup.exe with security-program branding; execution displayed a fake installer while unrar.exe unpacked password-protected plugin DLLs in the background. The DLL chain injected a payload into Chrome, copied Chrome into ProgramData, placed a malicious version.dll for DLL hijacking, registered “Chrome Updater” for autorun, and ultimately ran a command-and-control component. ESRC linked the activity to Kimsuky’s Blue Estimate campaign and noted capabilities including self-deletion, file upload/download, and process PID/name reporting.
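As an added detection example (not code from the ESRC report), the following Python flags the three host artifacts the summary describes: chrome.exe running outside its install directory, a version.dll dropped beside it as a hijack candidate, and a Chrome-branded Run key pointing at that copy. The telemetry records, paths and event format are constructed assumptions.

```python
import ntpath

# Constructed endpoint telemetry (not from the report), modelled on the chain above.
EVENTS = [
    {"type": "process", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"type": "file", "path": r"C:\ProgramData\chrome.exe"},
    {"type": "file", "path": r"C:\ProgramData\version.dll"},
    {"type": "process", "image": r"C:\ProgramData\chrome.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Chrome Updater", "value": r"C:\ProgramData\chrome.exe"},
    {"type": "file", "path": r"C:\Windows\System32\version.dll"},
]

# Assumed legitimate locations; compared case-insensitively.
TRUSTED_CHROME_DIRS = (r"c:\program files\google\chrome\application",
                       r"c:\program files (x86)\google\chrome\application")
# version.dll is a Windows system DLL; a copy next to an application binary
# in a user-writable directory is the classic search-order hijack layout.
LEGIT_VERSION_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def _dir(path):
    return ntpath.dirname(path).lower()


def _name(path):
    return ntpath.basename(path).lower()


def detect(events):
    """Return (rule, detail) tuples for events matching the described chain."""
    findings = []
    for e in events:
        if e["type"] == "process" and _name(e["image"]) == "chrome.exe":
            if _dir(e["image"]) not in TRUSTED_CHROME_DIRS:
                findings.append(("chrome_outside_install_dir", e["image"]))
        elif e["type"] == "file" and _name(e["path"]) == "version.dll":
            if _dir(e["path"]) not in LEGIT_VERSION_DLL_DIRS:
                findings.append(("version_dll_sideload_candidate", e["path"]))
        elif e["type"] == "registry" and e["key"].lower().endswith(r"\currentversion\run"):
            # Chrome-branded autorun value whose target is not the real install dir.
            if "chrome" in e["name"].lower() and _dir(e["value"]) not in TRUSTED_CHROME_DIRS:
                findings.append(("suspicious_chrome_run_key", f'{e["name"]} -> {e["value"]}'))
    return findings


def sideload_dirs(findings):
    """Directories where a relocated chrome.exe and a rogue version.dll coincide (high confidence)."""
    chrome = {_dir(d) for r, d in findings if r == "chrome_outside_install_dir"}
    dlls = {_dir(d) for r, d in findings if r == "version_dll_sideload_candidate"}
    return chrome & dlls
```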

Indicators of Compromise

