Coreldraw-graphics-suite-2021-corporate-v23.5.0.506.dmg -

They had been spying on themselves.

"Delete it," Marcus said.

It wasn't the version number that worried me. It was the filename itself.

Somewhere, deep in the abandoned server racks of Floor B7, a virtual machine was running CorelDRAW. It had no monitor. No user. It was just the software, awake in the dark, silently re-compiling its own binaries, waiting for the next .confidential file to save. CorelDRAW-Graphics-Suite-2021-Corporate-v23.5.0.506.dmg

Marcus pulled up the deployment history. That specific build—v23.5.0.506—was never supposed to exist. The official release notes stopped at v23.5.0.505. The .506 build was an internal phantom, compiled on a Friday night at 11:59 PM by an engineer who had already been fired the previous Tuesday.

I ejected the DMG.

It was a keylogger wrapped in a ribbon menu. They had been spying on themselves

CorelDRAW-Graphics-Suite-2021-Corporate-v23.5.0.506.dmg

"He left a backdoor inside the bevel tool," Marcus muttered, incredulous.

Action: None. It’s already inside the firewall. It was the filename itself

The worst part? The file had been downloaded 847 times in the last three years. Every single download came from an internal IP address belonging to the Legal department.

We started the deep scan. The .bin file wasn't just a payload. It was a ghost. The software—CorelDRAW 2021, Corporate edition, build 23.5.0.506—was real. It installed perfectly. You could draw bezier curves, apply gradients, export to PDF. It was the perfect host.

"Apparently not," I said. "It's hiding inside a vector illustration of a coffee mug."

I double-clicked the DMG.

07:42 UTC, Systems Analyst Jenna Kline