Infostealer Disguised as Well-Known Korean Web Portal File

The ASEC analysis team has discovered an infostelaer type malware disguised as a file related to a Korean web portal. The team found the NAVER.zip file in the malicious URL used in recent phishing emails with the compressed file including an executable named ‘NaverProtector.exe’. The email with the malicious URL contains information about Kakao account as shown below. When users click the <Lift Protection> button, they are redirected to hxxp://mail2.daum.confirm-pw[.]link/kakao/?email=[email address] and will have their account credentials stolen by the … Continue reading Infostealer Disguised as Well-Known Korean Web Portal File