Supershell Malware Being Distributed to Linux SSH Servers


AhnLab SEcurity intelligence Center (ASEC) has recently discovered an attack case installing the Supershell backdoor on inadequately managed Linux SSH servers. Created by a Chinese-speaking developer, Supershell is developed in the Go language and supports various platforms including Windows, Linux, and Android. Its primary function is a reverse shell, which

APT Attack Disguised as a Research Paper on Russia-North Korea Partnership (Kimsuky)


AhnLab SEcurity intelligence Center (ASEC) has recently discovered an APT attack targeting Korean users. During the attack, the threat actor used a GitHub repository, which was uploaded with various malicious scripts and normal decoy files used for the attack. (Figure 1. Threat actor’s GitHub repository.) Malicious behaviors are performed

Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web Cases in August 2024


This report comprehensively covers actual cyber threats and related security issues that have occurred targeting domestic and foreign financial companies. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the top 10 major malware targeting the financial sector, and also provides industry statistics on domestic

Threat Trend Report on Ransomware – Ransomware Statistics and Major Issues in August 2024


This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in August 2024, as well as notable ransomware issues in Korea and other countries. Disclaimer: The number of ransomware samples and targeted systems are based on the detection names designated by AhnLab, and the

Binary Managed Object File (BMOF) Distributing XMRig CoinMiner (Detected by MDS)


This blog post introduces Binary Managed Object Files (BMOFs) and cases where XMRig CoinMiner is distributed through them.

Binary Managed Object File (BMOF)

Binary Managed Object File (BMOF) is a compiled version of Managed Object File (MOF), which is used for defining and managing information related to Windows

Weekly Detection Rule (YARA and Snort) Information – Week 1, September 2024


The following is the information on Yara and Snort rules (week 1, September 2024) collected and shared by the AhnLab TIP service.

7 YARA Rules (Detection name | Description | Source)
PK_BanquePostale_sicilien | Banque Postale Phishing Kit impersonating la Banque Postale | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Binance_uysnx | Binance Phishing Kit impersonating Binance | https://github.com/t4d/PhishingKit-Yara-Rules
PK_DHL_x911 :

Weekly Detection Rule (YARA and Snort) Information – Week 5, August 2024


The following is the information on Yara and Snort rules (week 5, August 2024) collected and shared by the AhnLab TIP service.

14 YARA Rules (Detection name | Description | Source)
PK_Chase_prohqcker | Phishing Kit impersonating Chase bank | https://github.com/t4d/PhishingKit-Yara-Rules
PK_Colissimo_blackforce | Phishing Kit impersonating Colissimo | https://github.com/t4d/PhishingKit-Yara-Rules
PK_IDME_prohqcker | Phishing Kit impersonating ID.me | https://github.com/t4d/PhishingKit-Yara-Rules
PK_LCL_2024 Phishing

Distribution of Godzilla WebShell Abusing ViewState (Targeting Financial Sector)


Overview

AhnLab SEcurity intelligence Center (ASEC) has recently detected an attack targeting financial sector companies. The threat actor primarily targeted ASP.NET environments with vulnerable configurations, abusing the ViewState feature supported by ASP.NET. ViewState is a fundamental feature of ASP.NET that allows the handling of user input or other data

Analysis Report on APT Attack Cases Using noMu Backdoor


AhnLab SEcurity intelligence Center (ASEC) has recently identified attack cases where an unknown threat actor installed various remote control malware targeting Korean users and systems. The threat actor used a range of reverse shells, backdoors, and VNC malware strains, and also utilized RDP for remote screen control. Among the malware

Malware Disguised as Browser Update


Recently, AhnLab SEcurity intelligence Center (ASEC) identified the distribution of malware disguised as a browser update targeting a wide range of users. This malware is distributed through infected websites, and when users visit these sites, malicious scripts are loaded. The scripts create fake update windows for browsers like Chrome or