Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
Two types of malicious documents have recently been distributed via email: those exploiting the equation editor and those including external link URLs. This post will describe the infection flow of the DanaBot malware that is distributed through documents containing external links, the latter method, as well as the evidence
Malware Distributed as Copyright Violation-Related Materials (Beast Ransomware, Vidar Infostealer)
AhnLab SEcurity Intelligence Center (ASEC) has been continuously covering malware disguised as copyright violation warnings and resumes as a means of distributing ransomware and Infostealers. [Warning] Distribution of Malware Disguised as Resumes and the Fair Trade Commission [1] Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer) [2] Makop Ransomware Distributed as Copyright
RemcosRAT Distributed Using Steganography
AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF that exploits a vulnerability in the equation editor (EQNEDT32.EXE) is downloaded and executed. The RTF file downloads a VBScript with
Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server
AhnLab SEcurity intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating a poorly managed Windows Internet Information Services (IIS) web server in Korea, the threat actor installed the Meterpreter backdoor, a
CHM Malware Stealing User Information Being Distributed in Korea
AhnLab SEcurity intelligence Center (ASEC) has recently discovered a CHM malware strain that steals user information being distributed to Korean users. The distributed CHM is a type that has long been distributed in various formats such as LNK, DOC, and OneNote. A slight change to
LNK File Disguised as Certificate Distributing RokRAT Malware
AhnLab SEcurity intelligence Center (ASEC) has confirmed the continuous distribution of shortcut files (*.LNK) of abnormal sizes that disseminate backdoor-type malware. The recently confirmed shortcut files (*.LNK) are found to be targeting South Korean users, particularly those related to North Korea. The confirmed LNK file names are as follows: National
Analysis Report on Malware Distributed Through a South Korean Language Academy Website
The AhnLab SEcurity intelligence Center (ASEC) recently confirmed that a Meterpreter backdoor, port forwarding, and IIS module malware tools were installed through an improperly managed Windows IIS (Internet Information Services) web server. In the case of this attack, the threat actor ultimately installed IIS module malware on the
Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will
Distribution of Infostealer Made With Electron
AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron. Electron is a framework that allows one to develop apps using JavaScript, HTML, and CSS. Discord and Microsoft VSCode are major examples of applications made with Electron. Apps made with Electron are packaged and usually distributed in

