gom-player
GOM Player update mechanism abused to deliver malware to Korean targets
In mid-2013, suspected DPRK-aligned actors abused the auto-update mechanism of GOM Player, a popular Korean media player by Gretech, to deliver malware to selected South Korean targets. The compromise occurred in the same broad period as SimDisk and other Korean software supply-chain incidents in the DarkSeoul cluster. The malicious update was served through GOM Player's official update channel and signed/packaged to appear legitimate. Public technical detail is sparser than for SimDisk; the incident is most often referenced in roundups of Korean software-update supply-chain compromises rather than in a single canonical writeup.
- Date
- 2013-07-01 to 2013-12-31
- Category
- Commercial
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Update infrastructure compromise
What Was Affected
Package
gom-player
Language
c++
Component
Application
Artifact type
binary archive
Domain type
vendor
Domain
gomlab.com
Incident Context
- Motive
- Espionage
- Attribution
- Nation-state
- Transitive
- No
- Observed Duration
- 183 days
External References
Source Data
Source record: proprietary/gom-player/meta.yaml