What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Notes
Blog | 2023-02-13 00:12:00 | Web Page Disguised as a Naver Login Page | On January 3rd, the ASEC analysis team covered a situation where a fake Kakao login page was used to steal the account credentials of certain individuals (Web Page Disguised as a Kakao Login Page). The team has confirmed that the threat actor used a vulnerable website to create a domain. The same method described in the above post was used to create a fake Naver login page, and we will be covering it in this post. Emails impersonating Naver Help... | Threat | ★★★
Blog | 2023-02-13 00:10:00 | AsyncRAT Being Distributed as Windows Help File (*.chm) | The distribution method of malware has been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. Recently, the distribution of AsyncRAT through CHM has been confirmed. The overall operation process is shown in Figure 1, and each step will be explained below. First, unlike the types covered in the... | Malware | ★★
Blog | 2023-02-13 00:06:00 | Dalbit (m00nlight): Chinese Hacker Group's APT Attack Campaign | 0. Overview: This report is a continuation of the “Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies” post that was uploaded on August 16, 2022 and follows the group’s activities since that post. This group has always relied on open-source tools and lacked any distinct characteristics to profile them due to the lack of PDB information. Additionally, the amount of information that could be collected was limited unless the affected Korean companies specifically asked for an investigation since... | - | ★★
Blog | 2023-02-08 07:30:02 | (Déjà vu) ASEC Weekly Malware Statistics (January 30th, 2023 – February 5th, 2023) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 30th, 2023 (Monday) to February 5th, 2023 (Sunday). For the main category, downloader ranked top with 39.3%, followed by Infostealer with 28.8%, backdoor with 27.0%, ransomware with 2.6%, and CoinMiner with 2.2%. Top 1 – SmokeLoader: SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place... | Ransomware, Malware | ★★
Blog | 2023-02-08 00:20:00 | Redistribution of Magniber Ransomware in Korea (January 28th) | On the morning of January 28th, the ASEC analysis team discovered the redistribution of Magniber disguised as normal Windows Installers (MSI). The distributed Magniber files have MSI as their extensions, disguising themselves as Windows update files. According to AhnLab's log system as seen in Figure 1, it can be noted that the distribution increased starting from January 27th: MS.Update.Center.Security.KB17347418.msi, MS.Update.Center.Security.KB2562020.msi, MS.Update.Center.Security.KB44945726.msi (Figure 1. Increase in Magniber distribution confirmed by AhnLab's log system). The site that is currently distributing Magniber is... | Ransomware | ★★★
Blog | 2023-02-08 00:00:00 | Quasar RAT Being Distributed by Private HTS Program | The ASEC analysis team has recently discovered the distribution of Quasar RAT through the private Home Trading System (HTS). No information could be found when looking up the HTS called HPlus that was used in the attack. Furthermore, the company’s name could not be found even in the clause of the installation process, so it is assumed that the victims did not install their HTS from an institutional financial company, but instead got HPlus HTS through an unsanctioned source... | - | ★★
Blog | 2023-02-07 02:00:00 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 22nd, 2023 – January 28th, 2023) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 22nd, 2023 to January 28th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2023-02-06 12:00:00 | DarkSide Ransomware With Self-Propagating Feature in AD Environments | In order to evade analysis and sandbox detection, DarkSide ransomware only operates when the loader and data file are both present. The loader with the name “msupdate64.exe” reads the “config.ini” data file within the same path that contains the encoded ransomware and runs the ransomware on the memory area of a normal process. The ransomware is structured to only operate when a specific argument matches. It will then register itself to the task scheduler and run itself periodically. The following... | Ransomware | ★★★
Blog | 2023-02-06 01:00:00 | Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations | Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or... | Malware, Tool, Vulnerability, Threat | ★★
Blog | 2023-02-02 00:02:43 | (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... | Ransomware, Malware | ★★
Blog | 2023-02-01 23:55:07 | Malicious LNK File Disguised as a Normal HWP Document | The ASEC analysis team discovered the distribution of a malicious LNK file disguised as a normal HWP document, along with a text file impersonating the National Tax Service. A normal HWP document with related contents is opened simultaneously, making it difficult for users to realize the file is rogue. The malicious script file executed in the end is the same type as the script covered in ‘Malicious Word Files Disguised as Product Introduction’ and is deemed to be created by... | - | ★★
Blog | 2023-01-31 23:32:00 | Phishing Emails in Circulation, This Time Disguised as Requests for Product Quotation | The ASEC analysis team has recently been monitoring phishing emails with content related to requests for product quotations. These phishing emails are all disguised to seem as if they were sent by a manager with a high position, such as the team leader or department director of production companies or foundries. There were also .html and .htm attachments. This post will cover the two major phishing emails disguised as quotation requests. For convenience, these emails will be referred to as... | Guideline | ★★★
Blog | 2023-01-31 23:29:34 | TZW Ransomware Being Distributed in Korea | Through internal monitoring, the ASEC analysis team recently discovered the distribution of the TZW ransomware, which encrypts files before adding the “TZW” file extension to the original extension. This ransomware is being propagated with the version info marked as “System Boot Info”, disguising itself as a normal program file related to boot information. It was created in a .NET format and includes a loader and the actual ransomware data within it. It ultimately loads and executes the ransomware file through... | Ransomware | ★★
Blog | 2023-01-31 05:29:32 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 15th, 2023 – January 21st, 2023) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 15th, 2023 to January 21st, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2023-01-31 05:24:56 | A Phishing Page that Changes According to the User's Email Address (Using Favicon) | The ASEC analysis team continuously monitors phishing emails, and we have been detecting multiple phishing emails that are distributed with a changing icon to reflect the mail account service entered by the user. The following is an email distributed on January 16, 2023, warning users that their account will be shut down, prompting them to click the ‘Reactivate Now’ link if they need their account kept active. The linked phishing page steals the user’s email account and password. There are... | - | ★★
Blog | 2023-01-31 00:32:00 | Attack Cases of CoinMiners Mining Ethereum Classic Coins | The ASEC analysis team is monitoring CoinMiners that are targeting Korean and overseas users. We have covered cases of various types of CoinMiner attacks over multiple blog posts in the past. This post aims to introduce the recently discovered malware that mines Ethereum Classic coins. 0. Overview: CoinMiners are installed without user awareness and use the system’s resources to mine cryptocurrency, leading to low system performance. Threat actors that distribute CoinMiners tend to mine coins that guarantee anonymity, such as... | Malware, Threat, Guideline | ★★
Blog | 2023-01-30 06:59:43 | Analysis Report on Malware Distributed via Microsoft OneNote | This document is an analysis report on malware that is being actively distributed using Microsoft OneNote. The ASEC analysis team identified the rapidly increasing trend of OneNote malware distribution from November 2022 and has classified the malware according to the level of intricacy based on the screen that appears when the file is actually opened. These categories include ‘1) The type where malicious objects are hidden with simple block images’ and ‘2) The more intricately created malicious OneNote types’. Below... | Malware, Prediction | ★★★★
Blog | 2023-01-30 00:57:25 | (Déjà vu) ASEC Weekly Malware Statistics (January 16th, 2023 – January 22nd, 2023) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 16th, 2023 (Monday) to January 22nd, 2023 (Sunday). For the main category, Infostealer ranked top with 43.0%, followed by downloader with 30.06%, backdoor with 19.9%, ransomware with 3.8%, CoinMiner with 2.4%, and banking malware with 0.3%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 20.3%. The malware is distributed... | Ransomware, Malware | ★★
Blog | 2023-01-27 01:51:14 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 8th, 2023 – January 14th, 2023) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 8th, 2023 to January 14th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2023-01-20 05:04:47 | (Déjà vu) ASEC Weekly Malware Statistics (January 9th, 2023 – January 15th, 2023) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 9th, 2023 (Monday) to January 15th, 2023 (Sunday). For the main category, downloader ranked top with 38.4%, followed by Infostealer with 37.0%, backdoor with 18.2%, ransomware with 4.0%, and CoinMiner with 1.5%. Top 1 – SmokeLoader: SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with... | Ransomware, Malware | ★★
Blog | 2023-01-17 00:41:31 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 1st, 2023 – January 7th, 2023) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 1st, 2023 to January 7th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2023-01-17 00:31:00 | Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers) | On January 8th, the ASEC analysis team identified the distribution of a document-type malware targeting workers in the security field. The obtained malware uses an external object within a Word document to execute an additional malicious macro. Such a technique is called the template injection method, and a similar attack case was covered in a previous blog post. When the Word document is opened, it downloads and executes an additional malicious Word macro document from the threat actor’s C&C server... | Malware, Threat | ★★
Blog | 2023-01-17 00:29:17 | Phishing Web Server Identified Through an Impostor National Tax Service Email | The ASEC analysis team recently discovered that a phishing email impersonating the National Tax Service was being distributed. This phishing email emphasizes the urgency of the company email password expiring on the same day, and it is being sent with a message urging recipients to extend their password duration before the account is locked. (Figure 1. Original email; Figure 2. Phishing site for entering account information; Figure 3. Source code of the login page.) Clicking the hyperlink inserted to the... | - | ★★
Blog | 2023-01-13 04:32:36 | (Déjà vu) ASEC Weekly Malware Statistics (January 2nd, 2023 – January 8th, 2023) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 2nd, 2023 (Monday) to January 8th, 2023 (Sunday). For the main category, downloader ranked top with 55.9%, followed by Infostealer with 21.3%, backdoor with 14.2%, ransomware with 7.9%, and CoinMiner with 0.8%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 32.3%. The malware is distributed via malware disguised... | Ransomware, Malware | ★★
Blog | 2023-01-13 00:52:34 | Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack | The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware distributed by the threat actor has a similar form as those of the past, except for the fact that Orcus RAT was used instead of BitRAT. Furthermore, the new malware... | Malware, Tool, Threat | ★★
Blog | 2023-01-10 00:51:27 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (December 25th, 2022 – December 31st, 2022) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from December 25th, 2022 to December 31st, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2023-01-10 00:20:05 | Web Page Disguised as a Kakao Login Page | The ASEC analysis team recently identified a fake Kakao login page attempting to gain access to the account credentials of specific individuals. The specific route through which users first arrive on these pages is unknown, but it is assumed that users were led to log in via web on a page whose link is provided in phishing emails. When the user arrives on the web page, the ID of the Kakao account is autocompleted, as shown in Figure 1 below... | - | ★★
Blog | 2023-01-05 23:47:00 | Distribution of NetSupport RAT Malware Disguised as a Pokemon Game | NetSupport Manager is a remote control tool that can be installed and used by ordinary or corporate users for the purpose of remotely controlling systems. However, it is being abused by many threat actors because it allows external control over specific systems. Unlike backdoors and RATs (Remote Access Trojans), which are mostly based on command lines, remote control tools (Remote Administration Tools) place emphasis on user-friendliness, so they offer remote desktops, also known as GUI environments. Even though they may... | Malware, Tool, Threat | ★★
Blog | 2023-01-05 23:43:53 | (Déjà vu) ASEC Weekly Malware Statistics (December 26th, 2022 – January 1st, 2023) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 26th, 2022 (Monday) to January 1st, 2023 (Sunday). For the main category, downloader ranked top with 48.8%, followed by backdoor with 24.2%, Infostealer with 18.4%, CoinMiner with 4.8%, ransomware with 3.4%, and lastly banking malware with 0.5%. Top 1 – SmokeLoader: SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This... | Ransomware, Malware | ★★
Blog | 2023-01-04 01:52:19 | Shc Linux Malware Installing CoinMiner | The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl. 1. Shc (Shell Script Compiler): Shc is an abbreviation for Shell Script Compiler and is responsible for... | Malware | ★★
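The Shc CoinMiner chain above begins with a dictionary attack against poorly managed SSH servers, so the first thing a defender can look for is the brute-force that precedes the download. The following Python detector is added here as an example; it is not part of the ASEC post or of any AhnLab tooling. It parses OpenSSH sshd lines of the kind found in auth.log and reports a source address that accumulates failed password attempts and then has a password login accepted. The log lines, the hostnames and the threshold of five failures are constructed for the example.

```python
import re
from collections import defaultdict

# OpenSSH sshd auth.log lines (only the fields this detector needs).
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample: one dictionary attack that succeeds (203.0.113.7), one
# legitimate key login after a single typo (192.0.2.9), one clean password
# login (198.51.100.5).
SAMPLE_AUTH_LOG = """\
Jan  4 01:12:03 srv sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan  4 01:12:05 srv sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jan  4 01:12:07 srv sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 51138 ssh2
Jan  4 01:12:09 srv sshd[1207]: Failed password for root from 203.0.113.7 port 51144 ssh2
Jan  4 01:12:11 srv sshd[1209]: Failed password for root from 203.0.113.7 port 51150 ssh2
Jan  4 01:12:13 srv sshd[1211]: Failed password for root from 203.0.113.7 port 51156 ssh2
Jan  4 01:12:15 srv sshd[1213]: Accepted password for root from 203.0.113.7 port 51162 ssh2
Jan  4 01:20:00 srv sshd[1300]: Failed password for alice from 192.0.2.9 port 40010 ssh2
Jan  4 01:20:04 srv sshd[1302]: Accepted publickey for alice from 192.0.2.9 port 40012 ssh2
Jan  4 02:00:01 srv sshd[1400]: Accepted password for bob from 198.51.100.5 port 40100 ssh2
""".splitlines()


def detect_bruteforce_then_login(lines, threshold=5):
    """Return one record per source IP that logged at least `threshold`
    failed password attempts and then had a password-based login accepted.
    Key-based logins are ignored: a dictionary attack cannot produce one,
    and a stolen key is a different investigation."""
    failures = defaultdict(int)
    tried_users = defaultdict(set)
    hits = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            tried_users[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m is None or m["method"] == "publickey":
            continue
        if failures.get(m["ip"], 0) >= threshold:
            hits.append({
                "ip": m["ip"],
                "user": m["user"],
                "failures": failures[m["ip"]],
                "users_tried": sorted(tried_users[m["ip"]]),
            })
    return hits


if __name__ == "__main__":
    for hit in detect_bruteforce_then_login(SAMPLE_AUTH_LOG):
        print(f"{hit['ip']} tried {hit['users_tried']} ({hit['failures']} failures) "
              f"then logged in as {hit['user']}")
```

A hit from this detector is the moment to look at the session that followed: on the hosts described in the post the next artifacts would be the Shc-compiled downloader, an XMRig binary and a Perl IRC bot. Feeding the function real auth.log content is a matter of passing `open('/var/log/auth.log')` in place of the constructed list; journald systems get the same lines from `journalctl -u ssh`.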
Blog | 2023-01-03 06:58:47 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (December 18th, 2022 – December 24th, 2022) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from December 18th, 2022 to December 24th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2023-01-03 00:36:00 | How Infostealer Threat Actors Make a Profit | Infostealer is a type of information-stealing malware with the goal of stealing user credentials such as the user account information, cryptocurrency wallet address, and files that are saved in programs such as web browsers and email clients. According to the ASEC report for Q3 2022, Infostealers make up more than half of malware types with executable formats reported by client companies or collected by AhnLab. As the downloader types also actually install Infostealers or backdoor-type malware, it can be said... | Malware, Threat | ★★
Blog | 2023-01-02 01:18:00 | (Déjà vu) ASEC Weekly Malware Statistics (December 19th, 2022 – December 25th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 19th, 2022 (Monday) to December 25th, 2022 (Sunday). For the main category, Infostealer ranked top with 37.3%, followed by downloader with 35.7%, backdoor with 23.9%, and ransomware with 3.1%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked top with 23.3%. The malware is distributed via malware disguised as PUP installer... | Ransomware, Malware | ★★
Blog | 2022-12-27 23:35:42 | Types of Recent .NET Packers and Their Distribution Trends in Korea | 0. Overview: This post is a summary of the TI report, ‘Report on the Trends and Types of Recent .NET Packers.’ Please refer to the report in the hyperlink for more details on the topic. Recently, packers made with .NET are being found in various places both in and outside Korea. Thus, the ASEC analysis team aims to introduce the five most commonly distributed .NET packers and their distribution trends in Korea. We will overview the types of malware distributed... | Malware | ★★★★
Blog | 2022-12-26 05:08:29 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (December 11th, 2022 – December 17th, 2022) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from December 11th, 2022 to December 17th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2022-12-26 04:51:42 | (Déjà vu) ASEC Weekly Malware Statistics (December 12th, 2022 – December 18th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 12th, 2022 (Monday) to December 18th, 2022 (Sunday). For the main category, downloader ranked top with 61.9%, followed by Infostealer with 24.7%, backdoor with 12.5%, and ransomware with 0.9%. Top 1 – SmokeLoader: SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with 28.9%. Like... | Ransomware, Malware | ★★
Blog | 2022-12-26 04:08:49 | Caution! Malware Signed With Microsoft Certificate | Microsoft announced details on the distribution of malware signed with a Microsoft certificate.[1] According to the announcement, a driver authenticated with the Windows Hardware Developer Program had been abused due to the leakage of multiple Windows developer accounts. To prevent damage, Microsoft blocked the related accounts and applied a security update (Microsoft Defender 1.377.987.0 or later). To prevent security risks, Windows only allows the loading of kernel mode drivers that are signed. If a driver is not signed, it cannot... | Malware | ★★★
Blog | 2022-12-22 01:49:54 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (December 4th, 2022 – December 10th, 2022) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from December 4th, 2022 to December 10th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2022-12-22 01:46:08 | Phishing Attacks Impersonating Famous Korean Banking Apps | The ASEC analysis team recently identified that multiple malicious domains targeting normal websites of the financial sector had been created. From early November, we detected multiple distribution cases of phishing emails impersonating Naver Help. Through these, we had been monitoring the malicious URL that was included in these emails. The sender’s username was ‘Naver Center’ and the emails had a variety of topics to deceive users, including notifications for changes to contact details, creation of a new one-time password, login... | - | ★★★
Blog | 2022-12-22 01:22:41 | Qakbot Being Distributed via Virtual Disk Files (*.vhd) | There’s been a recent increase in the distribution of malware using disk image files. Out of these, the Qakbot malware has been distributed in ISO and IMG file formats, and the ASEC analysis team discovered that it has recently changed its distribution to the use of VHD files. Such use of disk image files (IMG, ISO, VHD) is seen to be Qakbot’s method of bypassing Mark of the Web (MOTW). Disk image files can bypass the MOTW feature because when the files inside... | Malware | ★★★★
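The Qakbot entry above depends on one property of Mark of the Web: the Zone.Identifier alternate data stream is attached to the downloaded image file, not to the files inside it once the image is mounted. The following Python helper is added here as an example and is not part of the ASEC post. It parses the INI-style text Windows writes into a Zone.Identifier stream and applies a simple download policy: a ZoneId 3 (Internet) file whose extension is ISO, IMG, VHD or VHDX is treated as a container whose contents will surface without MOTW. The stream text, the file names and the verdict labels are constructed for the example, and the policy assumes the host does not itself propagate MOTW into mounted images.

```python
from pathlib import PurePath

# Extensions Windows mounts as a volume; files inside get no Zone.Identifier.
IMAGE_CONTAINER_EXTS = {".iso", ".img", ".vhd", ".vhdx"}
# URLZONE values that appear in the ZoneId field.
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed sample of a Zone.Identifier stream as a browser writes it.
SAMPLE_ADS = """\
[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.invalid/invoice
HostUrl=https://example.invalid/invoice/Scan_0412.vhd
"""


def parse_zone_identifier(ads_text):
    """Parse Zone.Identifier text into a dict; ZoneId is converted to int.
    Only keys under the [ZoneTransfer] section are taken."""
    fields = {}
    section = None
    for raw in ads_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    if "ZoneId" in fields:
        fields["ZoneId"] = int(fields["ZoneId"])
    return fields


def assess_download(filename, ads_text):
    """Return (verdict, reason) for a file given its Zone.Identifier text.
    ads_text is None when the stream is absent, which is exactly the state
    of a file copied out of a mounted ISO/IMG/VHD."""
    ext = PurePath(filename).suffix.lower()
    if ads_text is None:
        return "no-motw", "no Zone.Identifier stream: origin unknown, MOTW-based protections will not trigger"
    zone = parse_zone_identifier(ads_text).get("ZoneId")
    if zone is None:
        return "no-motw", "Zone.Identifier present but carries no ZoneId"
    zone_name = ZONE_NAMES.get(zone, str(zone))
    if zone < 3:
        return "trusted", f"ZoneId={zone} ({zone_name})"
    if ext in IMAGE_CONTAINER_EXTS:
        return "block", f"ZoneId={zone} ({zone_name}) disk image: contents mount without MOTW"
    return "warn", f"ZoneId={zone} ({zone_name})"


if __name__ == "__main__":
    for name, ads in [("Scan_0412.vhd", SAMPLE_ADS), ("report.docx", SAMPLE_ADS),
                      ("invoice.lnk", None)]:
        print(name, *assess_download(name, ads))
```

On an NTFS volume the stream text for a real download can be read with `open(path + ":Zone.Identifier")`; the `None` branch models the file a user drags out of a mounted VHD, which is why the policy blocks the container rather than hoping to catch what it carries.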
Blog | 2022-12-22 01:16:00 | Vidar Stealer Exploiting Various Platforms | Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. The link below is a post about a case where malicious behaviors were performed using Mastodon. Even afterward, Vidar saw continuous version updates while actively being distributed. In the recent samples in circulation, various other platforms such as Steam and TikTok were used aside from Telegram and Mastodon... | Malware | ★★★
Blog | 2022-12-22 01:03:21 | Nitol DDoS Malware Installing Amadey Bot | The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides extorting user credentials, it can also be used for the purpose of installing additional malware. Amadey is being actively distributed again this year, and even until very recently, it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on... | Malware, Threat | ★★★
Blog | 2022-12-15 06:10:39 | (Déjà vu) ASEC Weekly Malware Statistics (December 5th, 2022 – December 11th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 5th, 2022 (Monday) to December 11th, 2022 (Sunday). For the main category, downloader ranked top with 44.3%, followed by Infostealer with 28.2%, backdoor with 18.3%, ransomware with 8.5%, and CoinMiner with 0.7%. Top 1 – Amadey: This week, Amadey Bot ranked first place with 15.9%. Amadey is a downloader that can receive commands... | Ransomware, Malware | ★★
Blog | 2022-12-15 06:04:55 | Caution! Magniber Ransomware Restarts Its Propagation on December 9th With COVID-19 Related Filenames | On December 9th, 2022, the ASEC analysis team discovered that Magniber Ransomware is being distributed again. During the peak of the COVID-19 outbreak, Magniber was found being distributed with COVID-19 related filenames alongside the previous security update related filenames: C:\Users\$USERS\Downloads\COVID.Warning.Readme.2f4a204180a70de60e674426ee79673f.msi, C:\Users\$USERS\Downloads\COVID.Warning.Readme.502ef18830aa097b6dd414d3c3edd5fb.msi, C:\Users\$USERS\Downloads\COVID.Warning.Readme.a179a9245f8e13f41d799e775b71fdff.msi (Table 1. COVID-19 related filenames in circulation). In the past, Magniber exploited Internet Explorer’s vulnerability to infect user PCs via Drive by Download, which only required users to visit a web page. However, after Microsoft stopped supporting Internet Explorer, Magniber’s... | Ransomware, Vulnerability | ★★★
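Both Magniber entries on this page, the January 2023 MSI files named as Windows security updates and the December 2022 COVID-19 readme files, give the exact lure filenames. The following Python hunt is added here as an example and is not part of either ASEC post. It turns the two naming schemes into patterns and runs them over file-creation records in the shape of Sysmon Event ID 11 (the Image and TargetFilename fields), rating a match written by a browser higher because Magniber arrives as a drive-by download. The event records, the browser list and the severity labels are constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Filename schemes quoted in the two Magniber posts above
# (fake Windows update MSI, January 2023; COVID readme MSI, December 2022).
LURE_PATTERNS = {
    "fake-windows-update": re.compile(r"^MS\.Update\.Center\.Security\.KB\d+\.msi$", re.I),
    "covid-readme":        re.compile(r"^COVID\.Warning\.Readme\.[0-9a-f]{32}\.msi$", re.I),
}
# Writers that indicate a drive-by download rather than a local copy (constructed list).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Constructed file-creation events in Sysmon Event ID 11 shape.
SAMPLE_FILE_CREATES = [
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "TargetFilename": r"C:\Users\kim\Downloads\MS.Update.Center.Security.KB17347418.msi"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\kim\Downloads\COVID.Warning.Readme.2f4a204180a70de60e674426ee79673f.msi"},
    {"Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\kim\Desktop\MS.Update.Center.Security.KB2562020.msi"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "TargetFilename": r"C:\Users\kim\Downloads\quarterly-report.pdf"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\SoftwareDistribution\Download\windows10.0-kb5022282-x64.msu"},
]


def match_lure(target_path):
    """Return the lure label whose pattern matches the file name, else None.
    Only the final path component is tested so the drop directory does not matter."""
    name = PureWindowsPath(target_path).name
    for label, pattern in LURE_PATTERNS.items():
        if pattern.match(name):
            return label
    return None


def hunt_file_creates(events):
    """Scan FileCreate-style records and return one alert per lure match.
    A browser as the writing process raises severity: that is the drive-by
    delivery both posts describe; any other writer still deserves a look."""
    alerts = []
    for event in events:
        label = match_lure(event["TargetFilename"])
        if label is None:
            continue
        writer = PureWindowsPath(event["Image"]).name.lower()
        alerts.append({
            "file": event["TargetFilename"],
            "lure": label,
            "writer": writer,
            "severity": "high" if writer in BROWSERS else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in hunt_file_creates(SAMPLE_FILE_CREATES):
        print(alert["severity"], alert["lure"], alert["writer"], alert["file"])
```

Genuine Windows update payloads never land in a user's Downloads folder under names like these; the real update cache entry in the last sample record is there to show the patterns do not fire on it.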
Blog | 2022-12-15 06:02:24 | STOP Ransomware Being Distributed in Korea | The ASEC analysis team discovered that the STOP ransomware is being distributed in Korea. This ransomware is being distributed at such a high volume that it is ranked among the Top 3 in the ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022). The files that are currently being distributed are in the form of MalPe just like SmokeLoader and Vidar, and the filenames include a random 4-byte string as shown below. When the ransomware is executed, it first... | Ransomware, Malware | -
Blog | 2022-12-12 23:20:32 | (Déjà vu) ASEC Weekly Phishing Email Threat Trends (November 27th, 2022 – December 3rd, 2022) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from November 27th, 2022 to December 3rd, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Blog | 2022-12-12 23:00:14 | How Similar Is the Microsoft Account-stealing Phishing Page to the Actual Page? | Many corporations and users both in and outside Korea use Microsoft accounts to use major services offered by Microsoft, including Outlook, Office, OneDrive, and Windows. Users use integrated login to easily access all Microsoft services linked to their account. What does this mean for the threat actor? There is no better target for attacks because there is a large volume of information that can be gained using just one account. Particularly in the case of users that handle sensitive information... | Threat | ★★
Blog | 2022-12-08 02:10:30 | (Déjà vu) ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 28th, 2022 (Monday) to December 4th, 2022 (Sunday). For the main category, Infostealer ranked top with 34.8%, followed by downloader with 28.2%, backdoor with 21.1%, ransomware with 14.6%, and CoinMiner with 0.3%. Top 1 – SmokeLoader: SmokeLoader is an infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with... | Ransomware, Malware | ★★
Blog | 2022-12-08 01:39:28 | Phishing Email Impersonating Quasi-governmental Organization Being Distributed | The ASEC analysis team has recently detected the distribution of a phishing email impersonating a non-profit quasi-governmental organization. Since the email is using a webpage disguised as a login page of GobizKOREA serviced by Korea SMEs and Startups Agency (KOSME), users who are working in the trading industry should take extra caution. The figure below shows the email’s subject and body. It tells the reader that a new inquiry from a buyer was registered. Since all five hyperlinks in the... | - | ★★
Blog | 2022-12-08 01:29:09 | ASEC Weekly Phishing Email Threat Trend (November 20th, 2022 – November 26th, 2022) | The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from November 20th, 2022 to November 26th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... | Threat | ★★
Last update at: 2024-06-26 10:07:54