BlueCrab Ransomware’s Continuous Attempts to Bypass Detection

BlueCrab Ransomware (=Sodinokibi Ransomware) is ransomware that is being vigorously distributed to Korean users. It is distributed through a fake forum web page created using various search keywords. The infection process begins at the moment when a user runs the JS file downloaded from the distribution page. The distribution page

[Threat Analysis] CLOP Ransomware that Attacked Korean Distribution Giant

In November last year, there was a case that shocked not only the security industry but also all Korean industries. The system of E-Land Group, the distribution giant, was infected by the ‘CLOP Ransomware.’ According to a press report that quoted an associate of the company, over half

Malware Distributed via Discord along with Illegal Pornography

The ASEC analysis team recently discovered batches of RAT (Remote Administration Tool) malware that are being distributed via Discord messenger. Currently, a downloader malware that downloads these batches of malware is being distributed under the name ‘porn URL.exe’, and when this malware is run, it downloads various RAT malware externally

Magniber Ransomware Changed Vulnerability (CVE-2019-1367 -> CVE-2020-0968) and Attempted to Bypass Behavior Detection

At the beginning of this year, the ASEC analysis team reported the change in the vulnerability used by the developer of Magniber to distribute the ransomware. Since September 23, 2019, the CVE-2019-1367 vulnerability, which the developer of Magniber used for distribution, stopped operating on systems with the emergency security patch (Version

PHP WebShell Malware using Image Files

A WebShell is a file that is uploaded to a web server and runs file navigation or system shell commands. The attacker can use the web browser to navigate through the files of the server system and issue shell commands. Certain file extensions for uploaded files can be restricted to prevent

Remcos RAT Malware being Distributed as Spam Mail

Remcos is a RAT (Remote Access Trojan) malware that has been distributed through spam mail for the past few years. Remcos is sold by its developer on the website below, which describes it as a RAT tool for remote management, and it has been updated regularly until recently. According to

Infostealer Malware Azorult Being Distributed Through Spam Mails

The ASEC analysis team recently discovered that Azorult malware is being distributed through spam mails. Azorult is a kind of Infostealer that accesses a C&C server to receive DLL files and commands used to leak information, and steals information such as user data files and account information to leak it

Info Theft Malware Distribution Phishing Campaign

The ASEC analysis team discovered a phishing site that distributes info-stealer malware by disguising it as a crack program of a normal utility. As shared in the post published on June 29th (https://asec.ahnlab.com/ko/1339/), the phishing site appears in the top results when the utility program name is searched along with