CHM Malware Disguised as Security Email from a Korean Financial Company: RedEyes (ScarCruft)

The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that CHM malware, assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as the …