April 2026 Security Issues in Korean & Global Financial Sector

**Executive summary:** The report details coordinated malicious activity against the financial sector: phishing lures (Korean-language filenames) delivering backdoor/downloader/dropper and infostealer/ransomware families, credential exfiltration via Telegram, exploitation of an RCE in WGear (actively abused by Andariel using GeniexLoader linked to BlueNoroff/APT38), and numerous dark-web sales of breached customer data and access; several MD5 hashes for samples are provided as IOCs.