Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in March 2024


Statistics on Malware Distributed to Financial Sectors


 

Statistics on Korean Accounts Exfiltrated Via Telegram by Industry


 

Phishing Email Distribution Cases Targeting the Financial Sector

 

Case 1. Phishing email disguised as a voice mail, targeting Korea Investment & Securities Co., Ltd. employees

Impersonation target

Voice mail

How the Phishing Attack Is Triggered

The email prompts the user to click the hyperlink it contains and enter login information on the phishing site.

Post Infection Impact

  • Login credentials are transmitted to the threat actor via the Telegram API
  • C2 (phishing page): hxxps://firebasestorage.googleapis[.]com/v0/b/wrld-d3bbe.appspot.com/o/EVY%2Fauth%2FLOGIN.html?alt=media&token=d7f9055e-d337-4304-9aff-d85339c0ef21
  • C2 (Telegram transfer): hxxps://api.telegram[.]org/bot6466403227:AAF03y6RJrsJKvcVJ57vWWNUq1peot9s26A/sendMessage
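A detection sketch for the pattern in this case, added here as an example and not taken from the original report: it flags a client that fetches an HTML object from Firebase Storage and then calls the Telegram Bot API `sendMessage` endpoint shortly afterwards. The log format, the 5-minute window, a TLS-inspecting proxy that records full URLs, and all sample values are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, unquote

# Constructed proxy log lines (assumed format: ISO time, client IP, method, URL).
SAMPLE_LOG = """\
2024-03-05T09:00:01 10.0.0.5 GET https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/a%2Fauth%2FLOGIN.html?alt=media&token=PLACEHOLDER
2024-03-05T09:00:40 10.0.0.5 POST https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendMessage
2024-03-05T09:01:00 10.0.0.7 GET https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/img%2Flogo.png?alt=media
2024-03-05T09:02:00 10.0.0.8 POST https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendMessage
2024-03-05T09:30:00 10.0.0.9 GET https://firebasestorage.googleapis.com/v0/b/example-bucket.appspot.com/o/x%2Findex.htm?alt=media
2024-03-05T10:30:00 10.0.0.9 POST https://api.telegram.org/bot0000000000:PLACEHOLDER_TOKEN/sendMessage
"""

# Bot API path shape: /bot<numeric id>:<secret>/sendMessage
TG_SEND = re.compile(r"^/bot\d+:[\w-]+/sendMessage$")

def refang(url):
    """Undo the hxxp / [.] defanging used in IoC listings."""
    return url.replace("hxxp", "http").replace("[.]", ".")

def is_hosted_html(url):
    """True for an HTML object served from Firebase Storage with ?alt=media."""
    u = urlsplit(url)
    return (u.hostname == "firebasestorage.googleapis.com"
            and "alt=media" in u.query
            and unquote(u.path).lower().endswith((".html", ".htm")))

def is_telegram_send(url):
    """True for a Telegram Bot API sendMessage call."""
    u = urlsplit(url)
    return u.hostname == "api.telegram.org" and bool(TG_SEND.match(u.path))

def detect(log_text, window=timedelta(minutes=5)):
    """Return (client, page_url, time) for sends that follow a hosted-HTML fetch."""
    last_page, hits = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(maxsplit=3)
        when, url = datetime.fromisoformat(ts), refang(url)
        if is_hosted_html(url):
            last_page[client] = (when, url)   # remember the latest page per client
        elif is_telegram_send(url) and client in last_page:
            seen, page = last_page[client]
            if when - seen <= window:          # send must closely follow the page view
                hits.append((client, page, ts))
    return hits
```

Workstation browsers rarely have a legitimate reason to call the Bot API directly, so a `sendMessage` request without a preceding page fetch (client 10.0.0.8 in the sample) is still worth a separate, lower-confidence alert.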

 

MD5
