It looks like a normal resume, but the infection begins the moment it is opened.
Malicious shortcut files disguised as resume files have recently been circulating, requiring corporate users to exercise caution. Threat actors name the files to resemble resume documents containing company names and job titles, and when executed, they display a legitimate decoy file alongside the malicious file to lower the user’s suspicion.
May 2026 Infostealer Trend Report
Content This report summarizes the distribution channels, number of infostealers, number of detections, target companies, and execution types of new infostealers collected during the month of May 2026. The collected samples were analyzed based on data from AhnLab SEcurity intelligence Center (ASEC)’s automated data collection system, Email Honeypot system, automated
What is the true nature of the shortcut file I thought was a privacy consent form?
Evidence has recently emerged that Malicious Files posing as “Consent Forms for the Collection and Use of Personal Information” have been circulating. Threat actors use file names that are easily mistaken for work documents to trick users into running them. These files are not actual documents but shortcut files; when
Security Issues in the Korean & Global Financial Sector in May 2026
Statistics on Malware Distributed to the Financial Sector In Attack Stage 1 targeting the financial sector in May 2026, phishing had the highest score at 2.3. This is the highest figure since December 2025, indicating that Initial Breach attempts are increasingly centered on phishing. In Attack Stage 2, Dropper/Downloader had
The proliferation and evolution of AI-powered hacking tools – how generative AI has changed the cyber attack ecosystem and response strategies
WormGPT, which emerged in June 2023, has brought a paradigm shift to the cybercrime ecosystem. generative AI has lowered the barrier to entry for attacks, and AI-powered hacking tools are rapidly proliferating in both paid subscription services and free open source. furthermore, AI is evolving beyond the creation of attack
Don’t trust ‘secure mail’! malicious Files Impersonating Credit Card Companies Are Being Distributed
ahnLab recently confirmed the distribution of malicious files disguised as security emails from a major credit card company in Korea. this attack has a similar flow to the Kimsuky group’s past malicious LNK distribution case of disguising password files, but it is characterized by a change in the command execution
Guest at Midnight: Analysis of EndPoint (Midnight)
Summary EndPoint is a ransomware variant formerly known as Midnight, which is believed to be built on the Babuk ransomware framework. It targets not only Windows environments, but also ESXi and NAS environments, and uses a double extortion method that combines file encryption with Data exfiltration threats. Overview Since the
April 2026 Infostealer Trend Report
Content this report summarizes the trends of new Infostealers collected during the month of April 2026, including distribution channels, malware distribution, malware quantity, detection quantity, and disguised targets. the data collected is based on ASEC’s Automated Data Collection System, Email Honeypot System, and AhnLab product detection results. Purpose and Scope
April 2026 Security Issues in Korean & Global Financial Sector
Statistics on Malware Distributed to the Financial Sector attack Stage 1 Phishing, Attack Stage 2 Backdoor-Downloader-Dropper, and Attack Stage 3 Infostealer-Ransomware were identified as the top malware in the financial sector. The actual distribution files were identified based on MD5 Hash, and it was explained that there may be many
April 2026 Threat Trend Report on Ransomware
Purpose and Scope this report summarizes ransomware-related statistics based on Dedicated Leak Sites (DLS) (ransomware PR sites or PR pages) and Quantity of ransomware damaged systems identified during the month of April 2026. it also provides major ransomware issues in Korea and abroad and Damage Trends by Industry/Region. Key Statistics
