What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
Blog.webp 2022-07-28 05:48:00 (Déjà vu) ASEC Weekly Malware Statistics (July 18th, 2022 – July 24th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 18th, 2022 (Monday) to July 24th, 2022 (Sunday). For the main category, info-stealer ranked top with 44.7%, followed by backdoor with 40.3%, downloader with 14.5%, and ransomware with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 27.0%. It is an info-stealer that leaks user credentials... Ransomware Malware
Blog.webp 2022-07-28 05:43:00 Phishing Email Disguised as Korean Web Portal Page (Daum) (lien direct) On July 21st, the ASEC analysis team discovered the distribution of phishing email disguised as Daum, one of Korea’s portal websites. The email was made to resemble an estimate request by including RFQ on the title. It uses its attachment to lead the user to a phishing webpage. The attachment is an HTML file, and opening the file automatically redirects the user to the following URL. hxxps://euoi8708twufevry4yuwfywe8y487r.herokuapp[.]com/sreverse.php After redirection, the phishing webpage (see Figure 3 on the left) disguised as... Guideline
Blog.webp 2022-07-28 05:34:16 Attackers Profiting from Proxyware (lien direct) Proxyware is a program that shares a part of the Internet bandwidth that is currently available on a system to others. Users who install the program are usually paid with a certain amount of cash in exchange for providing the bandwidth. Companies that provide such a service include Peer2Profit and IPRoyal. They gain profit by providing the bandwidth to other companies and claim on their webpages that they have various business partners using the service for distributing software, investigating markets,...
Blog.webp 2022-07-28 05:27:47 AppleSeed Being Distributed to Maintenance Company of Military Bases (lien direct) The ASEC analysis team has recently discovered a case of AppleSeed being distributed to a certain maintenance company of military bases. AppleSeed is a backdoor malware mainly used by the Kimsuky group and is actively being distributed to multiple attack targets as of late. In this case, the malware was distributed with a file under the name of a military base. 20220713_**** base_installation planned dateV004_*** edited_6.xls AppleSeed was distributed as an Excel file (XLS) and protected with a password to... Malware
Blog.webp 2022-07-25 05:26:50 IcedID Being Distributed Through ISO Files (lien direct) The ASEC analysis team has been introducing various types of malware that were distributed through ISO files. And the team recently discovered the distribution of IcedID (module-type banking malware) through ISO files. There were two methods to distribute the malware. The first one used the same method employed by the Bumblebee malware that was discussed in the previous post. The second method is similar to the first one but had script files and the cmd command added. The first type... Malware
Blog.webp 2022-07-25 05:21:11 Change in Magniber Ransomware (*.msi → *.cpl) – July 20th (lien direct) Since February 2022, Magniber has been using a Windows installer package file (.msi) instead of IE browser vulnerability for its distribution. The ransomware includes a valid certificate and was distributed as DLL form inside the MSI file. However, starting from July 20th (Wednesday), it is now being distributed as a CPL file extension instead of MSI. As the cases of using an MSI file for distribution are decreasing, the attacker of Magniber likely has changed the method of distribution. (July... Ransomware Vulnerability
Blog.webp 2022-07-25 05:17:47 (Déjà vu) ASEC Weekly Malware Statistics (July 11th, 2022 – July 17th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 11th, 2022 (Monday) to July 17th, 2022 (Sunday). For the main category, info-stealer ranked top with 52.2%, followed by backdoor with 26.8%, downloader with 19.7%, banking with 0.6%, and ransomware with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.9%. It is an info-stealer that leaks... Ransomware Malware
Blog.webp 2022-07-25 05:15:35 Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers (lien direct) The ASEC analysis team has been monitoring attacks that are targeting vulnerable systems. This post will discuss cases of attacks targeting vulnerable Atlassian Confluence Servers that are not patched. Atlassian’s Confluence is a major collaboration platform used by many companies across the globe. Being a web-based platform, services such as managing projects and collaboration are mainly provided by Confluence Servers (or Confluence Data Centers). As it is a solution used by many companies, many vulnerabilities targeting vulnerable Confluence Servers and...
Blog.webp 2022-07-21 00:17:28 (Déjà vu) ASEC Weekly Malware Statistics (July 4th, 2022 – July 10th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 4th, 2022 (Monday) to July 10th, 2022 (Sunday). For the main category, info-stealer ranked top with 43.9%, followed by downloader with 27.2%, backdoor with 21.1%, banking with 6.1%, ransomware with 1.1%, and coinminer with 0.6%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 27.2%. It is an... Ransomware Malware
Blog.webp 2022-07-21 00:10:40 Malware Being Distributed by Disguising Itself as Icon of V3 Lite (lien direct) The ASEC analysis team has discovered the distribution of malware disguised as a V3 Lite icon and packed with the .NET packer. The attacker likely created an icon that is almost identical to that of V3 Lite to trick the user, and AveMaria RAT and AgentTesla were discovered during the last month using this method. As shown in Figure 1, the icon looks almost identical to the actual V3 Lite icon. AveMaria is a RAT (Remote Administration Tool) malware with... Malware
Blog.webp 2022-07-21 00:06:36 Amadey Bot Being Distributed Through SmokeLoader (lien direct) Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used on attacks in the ASEC blog posted in 2019 (English version unavailable). Amadey was mainly used to install ransomware by attackers of GandCrab or to install FlawedAmmyy by... Ransomware Malware
Blog.webp 2022-07-20 23:41:12 Change in Injection Method of Magniber Ransomware (lien direct) The ASEC analysis team is constantly monitoring Magniber, which has a higher number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) on Edge and Chrome browsers. Magniber, which is being distributed as Windows installation package file (.msi), has hundreds of distribution logs reported every day (see... Ransomware Vulnerability
Blog.webp 2022-07-11 23:47:10 GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email (lien direct) GuLoader has ranked again in Top 5 malware keywords of ASEC Weekly Malware Statistics for the first time in two years. It is a downloader malware that can download additional malware, and got its name as Google Drive is frequently used as its download URL. The ASEC analysis team has discovered that this type of malware took the most portion among Downloader malware types that were distributed during the 2nd quarter of this year (see figure below). Recently discovered case... Malware
Blog.webp 2022-07-11 00:47:31 Meterpreter Distributed to Vulnerable Server of Korean Medical Institution (lien direct) While monitoring malware strains distributed to vulnerable servers, the ASEC analysis team discovered an attack case for PACS (Picture Archiving and Communication System) server used by Korean medical institutions. PACS is a system for digitally managing and transferring medical images of patients, which is used to check and interpret the images without being restrained by time and space. This system is thus used by many hospitals. As there are multiple PACS vendors, each medical institution may use different PACS systems.... Malware
Blog.webp 2022-07-11 00:36:11 AppleSeed Disguised as Purchase Order and Request Form Being Distributed (lien direct) The ASEC analysis team has recently discovered the distribution of AppleSeed disguised as purchase orders and request forms. AppleSeed is a backdoor malware mainly used by the Kimsuky group. It stays in the system and performs malicious behaviors by receiving commands from attackers. The malware is currently being distributed under the following filenames. Purchase order-**-2022****-001-National Tax Service additionally implementing security sensors in 5 regional tax offices_***.jse Request form(general manager ***).jse The JSE (JScript Encoded File) file consists of JavaScript, and... Malware
Blog.webp 2022-07-07 01:27:25 (Déjà vu) ASEC Weekly Malware Statistics (June 27th, 2022 – July 3rd, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 27th, 2022 (Monday) to July 3rd, 2022 (Sunday). For the main category, info-stealer ranked top with 48.0%, followed by banking malware with 26.5%, RAT (Remote Administration Tool) with 12.5%, downloader with 8.2%, ransomware with 2.2%, coinminer with 1.8%, and backdoor with 0.7%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked... Ransomware Malware
Blog.webp 2022-07-07 01:13:00 AsyncRAT Being Distributed to Vulnerable MySQL Servers (lien direct) The ShadowServer foundation has recently released a report showing that there are about 3.6 million MySQL servers exposed to outside. Along with MS-SQL server, MySQL server is one of the main database servers that provides the feature of managing large amounts of data in a corporate or user environment. MS-SQL is mainly used in Windows environments, but MySQL is still being used by many in Linux environments. ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers. In... Malware
Blog.webp 2022-07-01 05:48:14 I Don\'t Want to Receive Any Unnecessary Information! (lien direct) According to Section 50 of the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, anyone who wishes to send promotional information for commercial purposes via electronic transmission media must receive explicit consent of the receiver in advance. Spam refers to promotional information sent or posted for commercial purposes through communications networks although it is unwanted by the user. This post will present the analysis of a program that sends messages automatically on a particular web portal.... Spam
Blog.webp 2022-07-01 05:27:57 Case of Attack Exploiting AnyDesk Remote Tool (Cobalt Strike and Meterpreter) (lien direct) MS-SQL servers are mainly the attack targets for Windows systems. Attackers scan vulnerable MS-SQL servers that are poorly managed and install malware upon gaining control. Malware strains installed by attackers include CoinMiner, ransomware, backdoor, etc., and may vary depending on the purpose of the attack. Most backdoor strains are remote control types such as Remcos RAT and Gh0st RAT, but there are also infiltration testing tools used to dominate companies’ internal systems such as Cobalt Strike and Meterpreter. The attack... Malware Tool
Blog.webp 2022-06-29 05:06:20 (Déjà vu) ASEC Weekly Malware Statistics (June 20th, 2022 – June 26th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 20th, 2022 (Monday) to June 26th, 2022 (Sunday). For the main category, info-stealer ranked top with 53.8%, followed by downloader with 25.1%, backdoor with 14.8%, banking malware with 4.9%, and ransomware with 1.3%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.6%. It is an info-stealer that... Ransomware Malware
Blog.webp 2022-06-28 04:44:03 ASEC Weekly Malware Statistics (June 13th, 2022 – June 19th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 13th, 2022 (Monday) to June 19th, 2022 (Sunday). For the main category, info-stealer ranked top with 63.8%, followed by backdoor with 17.8%, downloader with 8.9%, banking malware with 7.5%, and ransomware with 1.9%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.1%. It is an info-stealer that... Ransomware Malware
Blog.webp 2022-06-28 04:42:22 New Info-stealer Disguised as Crack Being Distributed (lien direct) The ASEC analysis team has previously uploaded posts about various malware types that are being distributed by disguising themselves as software cracks and installers. CryptBot, RedLine, and Vidar are major example cases. Recently, a single malware type of RedLine has disappeared (it is still being distributed as a dropper type) and a new infostealer malware is being actively distributed instead. Its distribution became in full swing starting from May 20th, globally categorized as “Recordbreaker Stealer.” Some analyses see it as... Malware
Last update at: 2024-05-13 00:07:47
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter