Kimsuky APT group uses a fake ESET security software updater to conduct malicious activities

2020-05-28 Threat Book Kimsuky APT group uses fake ESET security software updates to conduct malicious activities

https://www.freebuf.com/articles/terminal/235603.html

AsiaInfo Security analyzed a suspected Kimsuky backdoor that masqueraded as an ESET software updater and was deployed during COVID-19-themed targeting of South Korea. On execution the malware creates a mutex named GoogleUpdate_01, keeps the strings it needs (function names, file names, paths, and registry names) in encrypted form, copies itself to a temporary directory and establishes persistence, then displays a fake update-success prompt. It builds the fields of its network requests from local network and system-version data, then dispatches C2 commands identified by animal names such as tiger, lion, wolf, monkey, fox, and cat. The tiger command path runs host-discovery commands such as dir and systeminfo, writes the output to tmp.LOG, and sends that file back to the server, an information-collection focus consistent with earlier Kimsuky tradecraft.

Indicators of Compromise

Type                          Value                             First Seen   Last Seen
HASH (32 hex digits, MD5)     ae986dd436082fb9a7fec397c8b6e717  2020-05-28   2020-05-28
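The behaviour chain summarised above (the GoogleUpdate_01 mutex, dir/systeminfo output written to tmp.LOG by a process running from a temp directory) and the hash in the IOC table can be turned into a small host-triage check. The script below is an added example and is not code from the original report or from AsiaInfo Security. The event schema (type, pid, image, parent_image, cmdline, path, name), the sample events, and the placeholder file name update.exe are constructed for this example and must be mapped to your own EDR or Sysmon telemetry.

```python
"""
Triage helper for the fake-ESET-updater behaviour and the IOC above.

Added example; it is not code from the original report or from
AsiaInfo Security. Event field names (type, pid, image, parent_image,
cmdline, path, name) and the sample events are constructed for this
example and are assumptions: map them to your EDR or Sysmon schema.
"""
import hashlib
import re
from typing import Iterable, List

# From the IOC table: 32 hex digits, treated here as an MD5.
KNOWN_MD5 = {"ae986dd436082fb9a7fec397c8b6e717"}
MUTEX_NAME = "GoogleUpdate_01"
DISCOVERY_CMDS = {"dir", "systeminfo"}
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
TMP_LOG_RE = re.compile(r"tmp\.log", re.IGNORECASE)


def md5_hex(data: bytes) -> str:
    """MD5 is used here only as an IOC lookup key, not for integrity."""
    return hashlib.md5(data).hexdigest()


def is_known_sample(digest_hex: str) -> bool:
    """True if the digest matches the hash from the IOC table."""
    return digest_hex.lower() in KNOWN_MD5


def _cmd_words(cmdline: str) -> set:
    return {w.strip('"').lower() for w in cmdline.split()}


def triage(events: Iterable[dict]) -> List[str]:
    """Return one line per behavioural match found in the event stream."""
    hits: List[str] = []
    for ev in events:
        kind = ev.get("type")
        if kind == "mutex" and ev.get("name") == MUTEX_NAME:
            hits.append(f"mutex {MUTEX_NAME} created by pid {ev.get('pid')}")
        elif kind == "process":
            cmd = ev.get("cmdline", "")
            found = _cmd_words(cmd) & DISCOVERY_CMDS
            # dir/systeminfo on their own are noisy; require the parent to
            # live in a temp directory or the output to be aimed at tmp.LOG.
            if found and (TEMP_DIR_RE.search(ev.get("parent_image", ""))
                          or TMP_LOG_RE.search(cmd)):
                hits.append(f"discovery {sorted(found)} by pid {ev.get('pid')}: {cmd}")
        elif kind == "file_create":
            path, image = ev.get("path", ""), ev.get("image", "")
            if TMP_LOG_RE.search(path) and TEMP_DIR_RE.search(image):
                hits.append(f"tmp.LOG written by {image} -> {path}")
    return hits


# Constructed sample telemetry (not real logs). The backdoor file name
# update.exe is a placeholder, not a name taken from the report.
SAMPLE_EVENTS = [
    {"type": "mutex", "pid": 4120, "name": MUTEX_NAME},
    {"type": "process", "pid": 5010,
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "cmdline": "cmd.exe /c systeminfo"},
    {"type": "file_create", "pid": 4120,
     "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "path": r"C:\Users\victim\AppData\Local\Temp\tmp.LOG"},
    # Benign use of dir launched from Explorer: must not fire.
    {"type": "process", "pid": 7000,
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

The discovery rule deliberately pairs dir/systeminfo with a temp-directory parent or a tmp.LOG target, because the commands alone fire constantly on administrative use; the hash check is a last-resort match, since any recompiled sample will carry a different digest while the mutex name and the tmp.LOG collection pattern are more likely to survive.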
