What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
Blog.webp 2022-07-25 05:17:47 (Déjà vu) ASEC Weekly Malware Statistics (July 11th, 2022 – July 17th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 11th, 2022 (Monday) to July 17th, 2022 (Sunday). For the main category, info-stealer ranked top with 52.2%, followed by backdoor with 26.8%, downloader with 19.7%, banking with 0.6%, and ransomware with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.9%. It is an info-stealer that leaks... Ransomware Malware
Blog.webp 2022-07-25 05:15:35 Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers (lien direct) The ASEC analysis team has been monitoring attacks that are targeting vulnerable systems. This post will discuss cases of attacks targeting vulnerable Atlassian Confluence Servers that are not patched. Atlassian’s Confluence is a major collaboration platform used by many companies across the globe. Being a web-based platform, services such as managing projects and collaboration are mainly provided by Confluence Servers (or Confluence Data Centers). As it is a solution used by many companies, many vulnerabilities targeting vulnerable Confluence Servers and...
Blog.webp 2022-07-21 00:17:28 (Déjà vu) ASEC Weekly Malware Statistics (July 4th, 2022 – July 10th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 4th, 2022 (Monday) to July 10th, 2022 (Sunday). For the main category, info-stealer ranked top with 43.9%, followed by downloader with 27.2%, backdoor with 21.1%, banking with 6.1%, ransomware with 1.1%, and coinminer with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 27.2%. It is an... Ransomware Malware
Blog.webp 2022-07-21 00:10:40 Malware Being Distributed by Disguising Itself as Icon of V3 Lite (lien direct) The ASEC analysis team has discovered the distribution of malware disguised as a V3 Lite icon and packed with the .NET packer. The attacker likely created an icon that is almost identical to that of V3 Lite to trick the user, and AveMaria RAT and AgentTesla were discovered during the last month using this method. As shown in Figure 1, the icon looks almost identical to the actual V3 Lite icon. AveMaria is a RAT (Remote Administration Tool) malware with... Malware
Blog.webp 2022-07-21 00:06:36 Amadey Bot Being Distributed Through SmokeLoader (lien direct) Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used on attacks in the ASEC blog posted in 2019 (English version unavailable). Amadey was mainly used to install ransomware by attackers of GandCrab or to install FlawedAmmyy by... Ransomware Malware
Blog.webp 2022-07-20 23:41:12 Change in Injection Method of Magniber Ransomware (lien direct) The ASEC analysis team is constantly monitoring Magniber, which has a higher number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) on Edge and Chrome browsers. Magniber, which is being distributed as Windows installation package file (.msi), has hundreds of distribution logs reported every day (see... Ransomware Vulnerability
Blog.webp 2022-07-11 23:47:10 GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email (lien direct) GuLoader has ranked again in Top 5 malware keywords of ASEC Weekly Malware Statistics for the first time in two years. It is a downloader malware that can download additional malware, and got its name as Google Drive is frequently used as its download URL. The ASEC analysis team has discovered that this type of malware took the most portion among Downloader malware types that were distributed during the 2nd quarter of this year (see figure below). Recently discovered case... Malware
Blog.webp 2022-07-11 00:47:31 Meterpreter Distributed to Vulnerable Server of Korean Medical Institution (lien direct) While monitoring malware strains distributed to vulnerable servers, the ASEC analysis team discovered an attack case for PACS (Picture Archiving and Communication System) server used by Korean medical institutions. PACS is a system for digitally managing and transferring medical images of patients, which is used to check and interpret the images without being restrained by time and space. This system is thus used by many hospitals. As there are multiple PACS vendors, each medical institution may use different PACS systems.... Malware
Blog.webp 2022-07-11 00:36:11 AppleSeed Disguised as Purchase Order and Request Form Being Distributed (lien direct) The ASEC analysis team has recently discovered the distribution of AppleSeed disguised as purchase orders and request forms. AppleSeed is a backdoor malware mainly used by the Kimsuky group. It stays in the system and performs malicious behaviors by receiving commands from attackers. The malware is currently being distributed under the following filenames. Purchase order-**-2022****-001-National Tax Service additionally implementing security sensors in 5 regional tax offices_***.jse Request form(general manager ***).jse The JSE (JScript Encoded File) file consists of JavaScript, and... Malware
Blog.webp 2022-07-07 01:27:25 (Déjà vu) ASEC Weekly Malware Statistics (June 27th, 2022 – July 3rd, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 27th, 2022 (Monday) to July 3rd, 2022 (Sunday). For the main category, info-stealer ranked top with 48.0%, followed by banking malware with 26.5%, RAT (Remote Administration Tool) with 12.5%, downloader with 8.2%, ransomware with 2.2%, coinminer with 1.8%, and backdoor with 0.7%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked... Ransomware Malware
Blog.webp 2022-07-07 01:13:00 AsyncRAT Being Distributed to Vulnerable MySQL Servers (lien direct) The ShadowServer foundation has recently released a report showing that there are about 3.6 million MySQL servers exposed to outside. Along with MS-SQL server, MySQL server is one of the main database servers that provides the feature of managing large amounts of data in a corporate or user environment. MS-SQL is mainly used in Windows environments, but MySQL is still being used by many in Linux environments. ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers. In... Malware
Blog.webp 2022-07-01 05:48:14 I Don\'t Want to Receive Any Unnecessary Information! (lien direct) According to Section 50 of the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, anyone who wishes to send promotional information for commercial purposes via electronic transmission media must receive explicit consent of the receiver in advance. Spam refers to promotional information sent or posted for commercial purposes through communications networks although it is unwanted by the user. This post will present the analysis of a program that sends messages automatically on a particular web portal.... Spam
Blog.webp 2022-07-01 05:27:57 Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter) (lien direct) MS-SQL servers are mainly the attack targets for Windows systems. Attackers scan vulnerable MS-SQL servers that are poorly managed and install malware upon gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoor, etc., and may vary depending on the purpose of the attack. Most backdoor strains are remote control types such as Remcos RAT and Gh0st RAT, but there are also infiltration testing tools used to dominate companies’ internal systems such as Cobalt Strike and Meterpreter. The attack... Malware Tool
Blog.webp 2022-06-29 05:06:20 (Déjà vu) ASEC Weekly Malware Statistics (June 20th, 2022 – June 26th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 20th, 2022 (Monday) to June 26th, 2022 (Sunday). For the main category, info-stealer ranked top with 53.8%, followed by downloader with 25.1%, backdoor with 14.8%, banking malware with 4.9%, and ransomware with 1.3%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.6%. It is an info-stealer that... Ransomware Malware
Blog.webp 2022-06-28 04:44:03 ASEC Weekly Malware Statistics (June 13th, 2022 – June 19th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 13th, 2022 (Monday) to June 19th, 2022 (Sunday). For the main category, info-stealer ranked top with 63.8%, followed by backdoor with 17.8%, downloader with 8.9%, banking malware with 7.5%, and ransomware with 1.9%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.1%. It is an info-stealer that... Ransomware Malware
Blog.webp 2022-06-28 04:42:22 New Info-stealer Disguised as Crack Being Distributed (lien direct) The ASEC analysis team has previously uploaded posts about various malware types that are being distributed by disguising themselves as software cracks and installers. CryptBot, RedLine, and Vidar are major example cases. Recently, a single malware type of RedLine has disappeared (it is still being distributed as a dropper type) and a new infostealer malware is being actively distributed instead. Its distribution became in full swing starting from May 20th, globally categorized as “Recordbreaker Stealer.” Some analyses see it as... Malware
Last update at: 2024-07-26 08:19:23
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter