Hiromu Kubiura
I joined Yahoo Japan Corporation (now LINE Yahoo Corporation) as a new graduate in 2023. I am part of the threat analysis team, where I analyze malware popular in Japan and other countries.
I gave a joint presentation, “Z9 - Malicious PowerShell Script Analyzer”, at Black Hat USA 2023 Arsenal.
maline: Unofficial LINE Installer and the Actor Groups
In this presentation, we will discuss the actor groups distributing fake installers for the PC version of LINE that have been observed in Southeast Asia and East Asia.
The fake LINE installer installs the legitimate LINE application, but then deploys a second-stage installer in the background to execute the attack. This method has been observed since around 2022, and the fake installers are still being distributed from various fake websites. We have also confirmed the existence of variants of the binary.
We will continue to clarify the relationship between the attack method of this malware and the actors distributing it.