ESTsecurity reported NCSC joint-analysis findings that a state-backed hacking organization was distributing malware disguised as legitimate installers, including a fake Korea Internet & Security Agency security update. The observed file used the name KISA-Security-Upgrade and, when run, registered itself to start automatically whenever the user’s PC booted. The malware collected information from the infected system and sent it to an attacker-controlled server. The source warns that similar lures may impersonate Windows updates, browsers, or commercial software installers and says ALYac detection was urgently updated, including Trojan.Agent.533504A for the observed malicious file.