What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Blog 2023-03-13 00:49:37 CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky) (direct link) AhnLab Security Emergency response Center (ASEC) has recently discovered a CHM malware which is assumed to have been created by the Kimsuky group. This malware type is the same as the one covered in the following ASEC blog posts and the analysis report on the malware distributed by the Kimsuky group, its goal being the exfiltration of user information. Analysis Report on Malware Distributed by the Kimsuky Group – Oct 20, 2022 APT Attack Being Distributed as Windows Help File (*.chm) –... Malware ★★★
Blog 2023-03-10 00:55:42 Netcat Attack Cases Targeting MS-SQL Servers (LOLBins) (direct link) ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the Netcat malware targeting poorly managed MS-SQL servers. Netcat is a utility that allows users to send and receive data from specific destinations on a network connected by the TCP/UDP protocol. Due to its various features and ability to be used on both Linux and Windows, it is utilized by network managers and threat actors alike. 1. Netcat From a malware standpoint, a characteristic of Netcat is its... Malware Threat ★★★
Blog 2023-03-09 00:00:00 PlugX Malware Being Distributed via Vulnerability Exploitation (direct link) The ASEC (AhnLab Security Emergency response Center) has recently discovered the installation of the PlugX malware through the Chinese remote control programs Sunlogin and Awesun’s remote code execution vulnerability. Sunlogin’s remote code execution vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is still being used for attacks even now ever since its exploit code was disclosed. The team previously made a post about how Sliver C2, XMRig CoinMiner, and Gh0st RAT were being distributed through the Sunlogin RCE vulnerability. Additionally, since Gh0st RAT was... Malware Vulnerability ★★★
Blog 2023-03-08 23:30:00 CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (direct link) The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as... Malware Threat Cloud APT 37 ★★
Blog 2023-03-08 23:00:00 Decryptable iswr Ransomware Being Distributed in Korea (direct link) ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the iswr ransomware during the team’s monitoring. A characteristic of iswr is the fact that it adds the iswr extension at the end of filenames after the files have been encrypted. The ransom note of this ransomware has the same format as the STOP ransomware, but when it comes to its encryption method along with the extensions and folders that are targeted, its operation routine differs greatly from... Ransomware ★★
Blog 2023-03-08 02:35:18 ASEC Weekly Malware Statistics (February 27th, 2023 – March 5th, 2023) (direct link) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 27th, 2023 (Monday) to March 5th, 2023 (Sunday). For the main category, backdoor ranked top with 51.4%, followed by Infostealer with 31.2%, downloader with 16.5%, and ransomware with 0.9%. Top 1 – RedLine RedLine ranked first place with 41.0%. The malware steals various information such as web browsers, FTP clients, cryptocurrency... Ransomware Malware ★★
Blog 2023-03-07 23:03:00 GlobeImposter Ransomware Being Distributed with MedusaLocker via RDP (direct link) ASEC (AhnLab Security Emergency response Center) has recently discovered the active distribution of the GlobeImposter ransomware. This attack is being carried out by the threat actors behind MedusaLocker. While the specific route could not be ascertained, it is assumed that the ransomware is being distributed through RDP due to the various pieces of evidence gathered from the infection logs. The threat actor installed various tools alongside GlobeImposter, such as Port Scanner and Mimikatz. Once installed, if these tools are able... Ransomware Threat ★★
Blog 2023-03-06 23:30:00 Lazarus Group Attack Case Using Vulnerability of Certificate Software Commonly Used by Public Institutions and Universities (direct link) Since two years ago (March 2021), the Lazarus group’s malware strains have been found in various Korean companies related to national defense, satellites, software, media press, etc. As such, ASEC (AhnLab Security Emergency Response Center) has been pursuing and analyzing the Lazarus threat group’s activities and related malware. The affected company in this case had been infiltrated by the Lazarus group in May 2022 and was re-infiltrated recently through the same software’s 0-Day vulnerability. During the infiltration in May 2022,... Malware Vulnerability Threat Medical APT 38 ★★★
Blog 2023-03-06 02:06:58 ASEC Weekly Phishing Email Threat Trends (February 19th, 2023 – February 25th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from February 19th, 2023 to February 25th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-03-01 23:39:11 (Déjà vu) ASEC Weekly Malware Statistics (February 20th, 2023 – February 26th, 2023) (direct link) The ASEC (AhnLab Security response Center) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 20th, 2023 (Monday) to February 26th, 2023 (Sunday). For the main category, backdoor ranked top with 51.0%, followed by downloader with 24.7%, Infostealer with 22.7%, ransomware with 1.4%, and CoinMiner with 0.2%. Top 1 – RedLine RedLine ranked first place with 46.9%. The malware steals various information such as web browsers,... Ransomware Malware ★★
Blog 2023-02-26 23:00:00 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (February 12th, 2023 – February 18th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from February 12th, 2023 to February 18th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat
Blog 2023-02-23 23:10:00 Magniber Ransomware's Relaunch Technique (direct link) ASEC (AhnLab Security Emergency Response Center) has been constantly monitoring the Magniber ransomware which has been displaying a high number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years, but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is being distributed as a Windows installer package file (.msi) in Edge and Chrome browsers. There have been recent reports of systems being reinfected by Magniber. Analysis revealed... Ransomware Vulnerability ★★
Blog 2023-02-23 22:59:00 Emails Impersonating Shipping Companies Distributed as 'Guide on Submitting Import Clearance Info' (direct link) ASEC (AhnLab Security Emergency response Center) has recently discovered malicious emails impersonating shipping companies being distributed in Korea. These emails prompt users to open the attached file with the subject ‘Submitting import clearance info’. Considering that the attached HTML’s filename starts with ‘DHL_Korea’, it can be concluded that the email is being distributed to Korean targets. Figure 1. Original email This disguised email has a login page in the attached HTML file. When a user logs in on this page, an Excel file... ★★
Blog 2023-02-23 02:00:00 Anti-Forensic Techniques Used By Lazarus Group (direct link) Since approximately a year ago, the Lazarus group’s malware has been discovered in various Korean companies related to national defense, satellites, software, and media press. The AhnLab ASEC analysis team has been continuously tracking the Lazarus threat group’s activities and other related TTPs. Among the recent cases, this post aims to share the anti-forensic traces and details found in the systems that were infiltrated by the Lazarus group. Overview Definition of Anti-Forensics Anti-forensics refers to the tampering of evidence in... Malware Threat Medical APT 38 ★★
Blog 2023-02-23 01:03:51 ChromeLoader Disguised as Illegal Game Programs Being Distributed (direct link) Since the previous year, there has been a steady increase in cases where disk image files, such as ISO and VHD, have been used in malware distribution. These have been covered several times in previous ASEC blog posts. This post will cover a recent discovery of ChromeLoader being distributed using VHD files. These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games. Some of the filenames used in... Malware ★★
Blog 2023-02-23 00:00:00 Distribution of Malware Exploiting Vulnerable Innorix: Andariel (direct link) The ASEC (AhnLab Security Emergency response Center) analysis team has discovered the distribution of malware targeting users with vulnerable versions of Innorix Agent. The collected malware is a backdoor that attempts to connect to a C&C server. The exploited Innorix Agent is a file transfer solution client. Details about the vulnerability were posted by the Korea Internet & Security Agency (KISA)[1] where the INNORIX Agent versions that required the security updates were identified as version 9.2.18.450 and an earlier version,... Malware Vulnerability ★★
Blog 2023-02-22 07:19:07 (Déjà vu) ASEC Weekly Malware Statistics (February 13th, 2023 – February 19th, 2023) (direct link) The AhnLab Security response Center (ASEC) analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 13th, 2023 (Monday) to February 19th, 2023 (Sunday). For the main category, backdoor ranked top with 50.8%, followed by downloader with 41.0%, Infostealer with 7.3%, ransomware with 0.8%, and CoinMiner with 0.2%. Top 1 – RedLine RedLine ranked first place with 49.4%. The malware steals various information such as... Ransomware Malware ★★
Blog 2023-02-21 01:00:00 HWP Malware Using the Steganography Technique: RedEyes (ScarCruft) (direct link) In January, the ASEC (AhnLab Security Emergency response Center) analysis team discovered that the RedEyes threat group (also known as APT37, ScarCruft) had been distributing malware by exploiting the HWP EPS (Encapsulated PostScript) vulnerability (CVE-2017-8291). This report will share the RedEyes group’s latest activity in Korea. 1. Overview The RedEyes group is known for targeting specific individuals and not corporations, stealing not only personal PC information but also the mobile phone data of their targets. A distinct characteristic of the... Malware Vulnerability Threat Cloud APT 37 ★★★
Blog 2023-02-21 00:30:00 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (February 5th, 2023 – February 11th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from February 5th, 2023 to February 11th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-02-17 01:00:00 Tracking Distribution Site of Magniber Ransomware Using EDR (direct link) AhnLab ASEC has been blocking the Magniber ransomware through various means since its distribution has continued even after “Redistribution of Magniber Ransomware in Korea (January 28th)” was posted back in January. A particular finding at the time was that the ransomware used the <a> tag to bypass domain blocks. In order to detect this, we have researched response measures by tracking the distribution site URL through a different method. The team is working hard to prevent damages through means such... Ransomware ★★
Blog 2023-02-17 00:00:00 Overview of AhnLab's Response to Joint Cybersecurity Advisory Between South Korea and the United States on North Korean Ransomware (direct link) On February 10, intelligence agencies from South Korea and the United States announced a cybersecurity advisory in regard to ransomware attacks from North Korea. It is the first joint report between the South Korean National Intelligence Service and the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) to raise awareness of cyberattacks from North Korea and protect both countries from ransomware. Title: Ransomware... Ransomware ★★
Blog 2023-02-16 07:31:05 (Déjà vu) ASEC Weekly Malware Statistics (February 6th, 2023 – February 12th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 6th, 2023 (Monday) to February 12th, 2023 (Sunday). For the main category, downloader ranked top with 54.7%, followed by backdoor with 27.7%, Infostealer with 12.8%, ransomware with 4.6%, and CoinMiner with 0.1%. Top 1 – Amadey This week, Amadey Bot ranked first place with 43.9%. Amadey is a downloader that can receive commands... Ransomware Malware ★★
Blog 2023-02-15 03:30:00 PYbot DDoS Malware Being Distributed Disguised as a Discord Nitro Code Generator (direct link) A major method through which threat actors distribute malware is by uploading them to sites disguised as cracks or illegal software. After a threat actor uploads their malware disguised as a crack or serial keygen for some paid software, users become infected by the malware while installing this illegal software. The ASEC analysis team is monitoring malware that is being distributed through illegal software like software cracks or serial keygens. Many of the malware distributed in this way are Infostealers... Malware Threat ★★
Blog 2023-02-15 03:01:49 Qakbot Being Distributed via OneNote (direct link) Back in January, AhnLab ASEC published an analysis report on a malware strain that was being distributed through Microsoft (MS) OneNote. As mentioned in the report, there has recently been an increasing number of cases where commodity malware like Qakbot stopped using MS Office Macro, their past distribution method, and instead started to use OneNote to execute their malware. If you look at the Qakbot distribution via OneNote case that happened on February 1st, the threat actor distributed the OneNote... Malware Threat ★★
Blog 2023-02-15 00:17:34 Malware Disguised as Normal Documents (Kimsuky) (direct link) The ASEC analysis team has recently discovered that the malware introduced in the post, <Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers)>, is being distributed to broadcasting and ordinary companies as well as those in the security-related field. Identical to the malware introduced in the blog post above, all the malware documents utilize the template injection technique and download malicious word macro documents to execute themselves. The distributed filenames are as follows: To facilitate the execution of the malicious... Malware ★★
Blog 2023-02-15 00:10:00 Continuous Distribution of LockBit 2.0 Ransomware Disguised as Resumes (direct link) The ASEC analysis team has identified that Lockbit 2.0 is being distributed in a MalPE format instead of the NSIS format which the team had introduced it with previously. The MalPE format is a type of packing method that disrupts the analysis of the actual malware. It then decrypts and executes its PE files through an internal shell code. We have recently discovered during our monitoring of ransomware that the distribution of LockBit has risen since January. As it was... Ransomware ★★
Blog 2023-02-15 00:00:00 Paradise Ransomware Distributed Through AweSun Vulnerability Exploitation (direct link) The ASEC analysis team has recently discovered the distribution of Paradise ransomware. The threat actors are suspected to be utilizing a vulnerability exploitation of the Chinese remote control program AweSun. In the past, the team also found and covered the distribution of Sliver C2 and BYOVD through a Sunlogin vulnerability, a remote control program developed in China. 1. AweSun Vulnerability Exploitation The installation of Sliver C2 through the AweSun remote control program developed by AweRay was also discovered to have... Ransomware Vulnerability Threat ★★
Blog 2023-02-13 00:26:58 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 29th, 2023 – February 4th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 29th, 2023 to February 4th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-02-13 00:12:00 Web Page Disguised as a Naver Login Page (direct link) On January 3rd, the ASEC analysis team covered a situation where a fake Kakao login page was used to steal the account credentials of certain individuals. Web Page Disguised as a Kakao Login Page The team has confirmed that the threat actor used a vulnerable website to create a domain. The same method described in the above post was used to create a fake Naver login page, and we will be covering it in this post. Emails impersonating Naver Help... Threat ★★★
Blog 2023-02-13 00:10:00 AsyncRAT Being Distributed as Windows Help File (*.chm) (direct link) The distribution method of malware has been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. Recently, the distribution of AsyncRAT through CHM has been confirmed. The overall operation process is shown in Figure 1, and each step will be explained below. First, unlike the types covered in the... Malware ★★
Blog 2023-02-13 00:06:00 Dalbit (m00nlight): Chinese Hacker Group's APT Attack Campaign (direct link) 0. Overview This report is a continuation of the “Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies” post that was uploaded on August 16, 2022 and follows the group’s activities since that post. This group has always relied on open-source tools and lacked any distinct characteristics to profile them due to the lack of PDB information. Additionally, the amount of information that could be collected was limited unless the affected Korean companies specifically asked for an investigation since... ★★
Blog 2023-02-08 07:30:02 (Déjà vu) ASEC Weekly Malware Statistics (January 30th, 2023 – February 5th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 30th, 2023 (Monday) to February 5th, 2023 (Sunday). For the main category, downloader ranked top with 39.3%, followed by Infostealer with 28.8%, backdoor with 27.0%, ransomware with 2.6%, and CoinMiner with 2.2%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place... Ransomware Malware ★★
Blog 2023-02-08 00:20:00 Redistribution of Magniber Ransomware in Korea (January 28th) (direct link) On the morning of January 28th, the ASEC analysis team discovered the redistribution of Magniber disguised as normal Windows Installers (MSI). The distributed Magniber files have MSI as their extensions, disguising themselves as Windows update files. According to AhnLab's log system as seen in Figure 1, it can be noted that the distribution increased starting from January 27th. MS.Update.Center.Security.KB17347418.msi MS.Update.Center.Security.KB2562020.msi MS.Update.Center.Security.KB44945726.msi Figure 1. Increase in Magniber distribution confirmed by AhnLab's log system The site that is currently distributing Magniber is... Ransomware ★★★
Blog 2023-02-08 00:00:00 Quasar RAT Being Distributed by Private HTS Program (direct link) The ASEC analysis team has recently discovered the distribution of Quasar RAT through the private Home Trading System (HTS). No information could be found when looking up the HTS called HPlus that was used in the attack. Furthermore, the company’s name could not be found even in the clause of the installation process, so it is assumed that the victims did not install their HTS from an institutional financial company, but instead, they got HPlus HTS through an unsanctioned source... ★★
Blog 2023-02-07 02:00:00 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 22nd, 2023 – January 28th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 22nd, 2023 to January 28th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-02-06 12:00:00 DarkSide Ransomware With Self-Propagating Feature in AD Environments (direct link) In order to evade analysis and sandbox detection, DarkSide ransomware only operates when the loader and data file are both present. The loader with the name “msupdate64.exe” reads the “config.ini” data file within the same path that contains the encoded ransomware and runs the ransomware on the memory area of a normal process. The ransomware is structured to only operate when a specific argument matches. It will then register itself to the task scheduler and run itself periodically. The following... Ransomware ★★★
Blog 2023-02-06 01:00:00 Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations (direct link) Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or... Malware Tool Vulnerability Threat ★★
Blog 2023-02-02 00:02:43 (Déjà vu) ASEC Weekly Malware Statistics (January 23rd, 2023 – January 29th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 23rd, 2023 (Monday) to January 29th, 2023 (Sunday). For the main category, downloader ranked top with 44.2%, followed by Infostealer with 34.3%, backdoor with 18.5%, ransomware with 2.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 24.0%. The malware is distributed via malware disguised... Ransomware Malware ★★
Blog 2023-02-01 23:55:07 Malicious LNK File Disguised as a Normal HWP Document (direct link) The ASEC analysis team discovered the distribution of a malicious LNK file disguised as a normal HWP document, along with a text file impersonating the National Tax Service. A normal HWP document with related contents is opened simultaneously, making it difficult for users to realize the file is rogue. The malicious script file executed in the end is the same type as the script covered in ‘Malicious Word Files Disguised as Product Introduction’ and is deemed to be created by... ★★
Blog 2023-01-31 23:32:00 Phishing Emails in Circulation, This Time Disguised as Requests for Product Quotation (direct link) The ASEC analysis team has recently been monitoring phishing emails with content related to requests for product quotations. These phishing emails are all disguised to seem as if they were sent by a manager with a high position, such as the team leader or department director of production companies or foundries. There were also .html and .htm attachments. This post will cover the two major phishing emails disguised as quotation requests. For convenience, these emails will be referred to as... Guideline ★★★
Blog 2023-01-31 23:29:34 TZW Ransomware Being Distributed in Korea (direct link) Through internal monitoring, the ASEC analysis team recently discovered the distribution of the TZW ransomware, which encrypts files before adding the “TZW” file extension to the original extension. This ransomware is being propagated with the version info marked as “System Boot Info”, disguising itself as a normal program file related to boot information. It was created in a .NET format and includes a loader and the actual ransomware data within it. It ultimately loads and executes the ransomware file through... Ransomware ★★
Blog 2023-01-31 05:29:32 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 15th, 2023 – January 21st, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 15th, 2023 to January 21st, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-01-31 05:24:56 A Phishing Page that Changes According to the User's Email Address (Using Favicon) (direct link) The ASEC analysis team continuously monitors phishing emails, and we have been detecting multiple phishing emails that are distributed with a changing icon to reflect the mail account service entered by the user. The following is an email distributed on January 16, 2023, warning users that their account will be shut down, prompting them to click the ‘Reactivate Now’ link if they need their account kept active. The linked phishing page steals the user’s email account and password. There are... ★★
Blog 2023-01-31 00:32:00 Attack Cases of CoinMiners Mining Ethereum Classic Coins (direct link) The ASEC analysis team is monitoring CoinMiners that are targeting Korean and overseas users. We have covered cases of various types of CoinMiner attacks over multiple blog posts in the past. This post aims to introduce the recently discovered malware that mines Ethereum Classic coins. 0. Overview CoinMiners are installed without user awareness and use the system’s resources to mine cryptocurrency, leading to low system performance. Threat actors that distribute CoinMiners tend to mine coins that guarantee anonymity, such as... Malware Threat Guideline ★★
Blog 2023-01-30 06:59:43 Analysis Report on Malware Distributed via Microsoft OneNote (direct link) This document is an analysis report on malware that is being actively distributed using Microsoft OneNote. The ASEC analysis team identified the rapidly increasing trend of OneNote malware distribution from November 2022 and has classified the malware according to the level of intricacy based on the screen that appears when the file is actually opened. These categories include ‘1) The type where malicious objects are hidden with simple block images’ and ‘2) The more intricately created malicious OneNote types’. Below... Malware Prediction ★★★★
Blog 2023-01-30 00:57:25 (Déjà vu) ASEC Weekly Malware Statistics (January 16th, 2023 – January 22nd, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 16th, 2022 (Monday) to January 22nd, 2023 (Sunday). For the main category, Infostealer ranked top with 43.0%, followed by downloader with 30.06%, backdoor with 19.9%, ransomware with 3.8%, CoinMiner 2.4%, and banking malware with 0.3%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 20.3%. The malware is distributed... Ransomware Malware ★★
Blog 2023-01-27 01:51:14 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 8th, 2023 – January 14th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 8th, 2023 to January 14th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-01-20 05:04:47 (Déjà vu) ASEC Weekly Malware Statistics (January 9th, 2023 – January 15th, 2023) (direct link) The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 9th, 2023 (Monday) to January 15th, 2023 (Sunday). For the main category, downloader ranked top with 38.4%, followed by Infostealer with 37.0%, backdoor with 18.2%, ransomware with 4.0%, and CoinMiner with 1.5%. Top 1 – SmokeLoader SmokeLoader is an Infostealer/downloader malware that is distributed via exploit kits. This week, it ranked first place with... Ransomware Malware ★★
Blog 2023-01-17 00:41:31 (Déjà vu) ASEC Weekly Phishing Email Threat Trends (January 1st, 2023 – January 7th, 2023) (direct link) The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 1st, 2023 to January 7th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users' login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act... Threat ★★
Blog 2023-01-17 00:31:00 Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers) (direct link) On January 8th, the ASEC analysis team identified the distribution of a document-type malware targeting workers in the security field. The obtained malware uses an external object within a Word document to execute an additional malicious macro. Such a technique is called the template injection method, and a similar attack case was covered in a previous blog post. When the Word document is opened, it downloads and executes an additional malicious Word macro document from the threat actor’s C&C server.... Malware Threat ★★
Last update at: 2024-05-13 12:07:54