ASEC Weekly Phishing Email Threat Trends (January 15th, 2023 – January 21st, 2023)

The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 15th, 2023 to January 21st, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act…

A Phishing Page that Changes According to the User’s Email Address (Using Favicon)

The ASEC analysis team continuously monitors phishing emails, and we have been detecting multiple phishing emails that are distributed with a changing icon to reflect the mail account service entered by the user. The following is an email distributed on January 16, 2023, warning users that their account will be shut down, prompting them to click the ‘Reactivate Now’ link if they need their account kept active. The linked phishing page steals the user’s email account and password. There are…

Attack Cases of CoinMiners Mining Ethereum Classic Coins

The ASEC analysis team is monitoring CoinMiners that are targeting Korean and overseas users. We have covered cases of various types of CoinMiner attacks over multiple blog posts in the past. This post aims to introduce the recently discovered malware that mine Ethereum Classic coins. 0. Overview CoinMiners are installed without user awareness and use the system’s resources to mine cryptocurrency, leading to low system performance. Threat actors that distribute CoinMiners tend to mine coins that guarantee anonymity, such as…

ASEC Weekly Malware Statistics (January 16th, 2023 – January 22nd, 2023)

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 16th, 2022 (Monday) to January 22nd, 2023 (Sunday). For the main category, Infostealer ranked top with 43.0%, followed by downloader with 30.06%, backdoor with 19.9%, ransomware with 3.8%, CoinMiner 2.4%, and baking malware with 0.3%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 20.3%. The malware is distributed…

Analysis Report on Malware Distributed via Microsoft OneNote

This document is an analysis report on malware that is being actively distributed using Microsoft OneNote. The ASEC analysis team identified the rapidly increasing trend of OneNote malware distribution from November 2022 and has classified the malware according to the level of intricacy based on the screen that appears when the file is actually opened. These categories include ‘1) The type where malicious objects are hidden with simple block images’ and ‘2) The more intricately created malicious OneNote types’. Below…