Rogue GOM Player Update That Installed Malware at Japanese Nuclear Plant Analyzed

Archive containing malicious GOM Player installer

Security researchers have analyzed the malicious GOM Player update file that was installed on a computer at the Monju fast-breeder reactor in Japan. The malware was detected after a worker installed an update for video playback software, namely GOM Player.

Kaspersky researchers say the nuclear plant employee responsible for the infection downloaded a file called GoMPLAYER_JPSETUP.EXE. This is actually a self-extracting RAR archive file that contains a legitimate update for GOM Player and another executable in RAR format (GOMPLAYERBETASETUP_JP.EXE).

This second archive contains five malicious files that unleash a backdoor detected by Kaspersky as Backdoor.Win32.Miancha.

The investigation is ongoing, so Japanese authorities haven’t provided too many details on the incident.

After news of it came to light, experts noted that this probably wasn’t an attack targeted at the nuclear facility, but a random infection caused by an employee’s carelessness. However, they’ve warned that nuclear plants, even defunct ones, should focus more on cybersecurity to prevent such incidents.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s