Warning Against Infostealer Disguised as Installer

The StealC malware disguised as an installer is being distributed en masse. It was identified as being downloaded via Discord, GitHub, Dropbox, etc. Considering the cases of distribution using similar routes, it is expected to redirect victims multiple times from a malicious webpage disguised as a download page for a

CryptoWire with Decryption Key Included

AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of CryptoWire, a ransomware that was once widespread in 2018. CryptoWire is mainly distributed via phishing emails and is built with AutoIt script. Main Features The ransomware copies itself to the path “C:\Program Files\Common Files” and registers a schedule

Threat Trend Report on Ransomware – Statistics and Major Issues in February 2024

Purpose and Scope
This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in February 2024, as well as major Korean and international ransomware issues worth noting. Major ransomware-related issues and ransomware-specific statistical information other than those mentioned in this report

Threat Trend Report on APT Attacks (South Korea) – February 2024 Major Issues on APT Attacks

Overview
AhnLab monitors Advanced Persistent Threat (APT) attacks targeting South Korean entities using its infrastructure. This report covers the classification and statistics of APT attacks in South Korea detected during February 2024, and introduces their features by type. Figure 1. Statistics on APT attacks in South Korea in

Infostealer Disguised as Adobe Reader Installer

AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of an infostealer disguised as the Adobe Reader installer. The threat actor is distributing the file as a PDF, prompting users to download and run the file. As shown in Figure 1, the fake PDF file is written in Portuguese, and

Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in February 2024

Statistics of Malware in Distribution Targeting the Financial Sector

Top 10 Major Malware Targeting the Financial Sector

Attack Stage  Malware Type  MD5 Hash
Stage 1       Phishing      f7db2045ef80e8e4c86db829ec0b6ee6
Stage 1       WebShell      b597418bea2ff4da50540ed191e1bb55
Stage 2       HackTool      18cfc7e41afdeb10b15a54e6e39f0463
Stage 2       HackTool      110dde62258542a1bcdc15a2af5b54d2
Stage 2       Dropper       19c2decfa7271fa30e48d4750c1d18c1
Stage 2       Dropper       27ef6917fe32685fdf9b755eb8e97565

Distribution of MSIX Malware Disguised as Notion Installer

An MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to the actual Notion homepage. The user receives a file named “Notion-x86.msix” upon clicking the download button. This file is a Windows app installer, and it is signed with a valid certificate.

z0Miner Exploits Korean Web Servers to Attack WebLogic Server

AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent cases in which the threat actor ‘z0Miner’ attacked Korean WebLogic servers. z0Miner was first described by Tencent Security, a Chinese Internet service provider. https://s.tencent.com/research/report/1170.html (This link is

WogRAT Malware Exploits aNotepad (Windows, Linux)

AhnLab SEcurity intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. The malware supports both the PE format, which targets Windows systems, and the ELF format, which targets Linux systems. As the threat actor used the string ‘WingOfGod’ during

Phishing Malware That Sends Stolen Information Using Telegram API

Last year, AhnLab SEcurity intelligence Center (ASEC) introduced phishing script files that used Telegram to leak user information [1]. Recently, several phishing scripts using Telegram have been distributed indiscriminately under keywords such as remittance and receipts. Unlike the phishing script files distributed in the early days, the latest