360 Threat Intelligence Center recently found an attack against South Korean mobile banking users. First activity may back to December 22, 2018, and until this document is finished, attack is still ongoing. Both malware samples and C2 infrastructure are written in Korean. So we believe this attack is run by actors from South Korea.

https://ti.360.net/blog/articles/kbuster-fake-bank-app-in-south-korean-en/