Hackers are attacking a Korean organisation with malware disguised as an internal memo offering a free car inspection, according to security firm Symantec.
Once downloaded the Baccamun trojan opens a backdoor on the infected machine, leaving the computer vulnerable to commands issued by the hacker as well as malicious downloads.
Symantec said: "With a Word document in decent Korean, a marker string that can be translated to a Japanese word, and a Japanese word represented in Chinese GB character codes, it can be difficult to make a guess at who the attacker is.
"However, it is likely that the attacker or attacker group is operating somewhere in East Asia and possesses multilingual skills."
The malware connects to a dynamic DNS that continually alters the domain name, preventing the hacker's location from being identified.
A Dropper trojan was also said to have been sent to the Korean organisation containing the same backdoor malware, disguised as an executable file named after a Japanese company.