Hangul Word Processor and PostScript Abused Via Malicious Attachments
2017-09-14 • Trend Micro
Trend Micro reports that malicious Hangul Word Processor attachments abused improperly restricted Encapsulated PostScript handling in older HWP versions to gain a foothold on victim systems. The activity did not rely on a conventional exploit; instead, PostScript file-manipulation capability was used to place shortcuts or malicious files into Startup folders and wait for a reboot. Observed lures included themes such as Bitcoin and Financial Security Standardization, reflecting document-based social engineering against HWP users. Trend Micro detected related files as TROJ_HWDOOR.A, TROJ_HWDOOR.B, TROJ_MALEPS.B, and TROJ_HWDOOR.SMZBEH-A, and recommended upgrading to HWP 2014 or later.
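A static triage check for the technique described above, as an added example and not Trend Micro's detection logic: it takes an EPS stream extracted from an HWP attachment and flags PostScript file-write operators that appear together with a Startup folder path. The function names, the raw-deflate storage assumption and both sample streams are constructed for illustration.

```python
import re
import zlib

# File-system operators from the PostScript Language Reference; the
# lookarounds keep `currentfile` and similar names from matching.
FILE_OPS = re.compile(rb"(?<![A-Za-z0-9])(file|writestring|writehexstring|write"
                      rb"|renamefile|deletefile)(?![A-Za-z0-9])")
# `(w) file` / `(a+) file`: a file object opened for writing or appending.
WRITE_OPEN = re.compile(rb"\(\s*[wa]\+?\s*\)\s*file(?![A-Za-z0-9])")
# Startup folder path; PostScript strings escape "\" as "\\" or use "/".
STARTUP = re.compile(rb"programs[\\/]+startup[\\/]", re.I)


def load_eps(blob: bytes) -> bytes:
    """Return EPS text, inflating it first if it is a raw-deflate stream
    (assumption: how HWP 5.x stores embedded BinData streams)."""
    if blob.lstrip().startswith(b"%!"):
        return blob
    try:
        return zlib.decompress(blob, -15)
    except zlib.error:
        return blob


def triage_eps(blob: bytes) -> dict:
    """Flag EPS that can write files; escalate if it names a Startup folder."""
    text = re.sub(rb"(?m)^%.*$", b"", load_eps(blob))  # drop comment lines
    ops = sorted({m.group(1).decode() for m in FILE_OPS.finditer(text)})
    writes = bool(WRITE_OPEN.search(text)) or any(
        op in ops for op in ("renamefile", "writestring", "writehexstring", "write"))
    startup = bool(STARTUP.search(text))
    verdict = "suspicious" if writes and startup else "review" if ops else "clean"
    return {"file_ops": ops, "writes": writes, "startup_path": startup,
            "verdict": verdict}


# Constructed samples: a benign drawing, and an inert fragment that only opens
# a placeholder path for writing (no payload).
BENIGN = (b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n"
          b"newpath 0 0 moveto 10 10 lineto stroke\nshowpage\n")
FLAGGED = (b"%!PS-Adobe-3.0 EPSF-3.0\n"
           b"/out (C:\\\\Users\\\\u\\\\AppData\\\\Roaming\\\\Microsoft\\\\Windows"
           b"\\\\Start Menu\\\\Programs\\\\Startup\\\\placeholder.lnk) (w) file def\n")

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, triage_eps(blob))
```

The path check only sees literal strings, so a path assembled from hex strings or concatenated fragments yields "review" rather than "suspicious"; any EPS in a document that uses file operators at all deserves a closer look.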