SparkRAT Being Distributed Within a Korean VPN Installer Posted By Sanseo , May 18, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered SparkRAT being distributed within the installer of a certain VPN program. SparkRAT is a Remote Administration Tool (RAT) developed with GoLang. When installed on a user’s system, it can perform a variety of malicious behaviors, such as executing commands remotely, controlling files and processes, downloading additional payloads, and collecting information from the infected system like by taking screenshots. 1. Case of Distribution The VPN provider, whose installer contained SparkRAT appears to…
Infostealer Being Distributed to Japanese Users Posted By Sanseo , May 18, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered Infostealers disguised as an adult game being distributed to Japanese users. Although the distribution route has not been confirmed as of yet, it can be assumed that the Infostealers are being distributed via torrent or illegal file-sharing websites since it is being disguised as an adult game. The method of distributing malware by disguising it as an adult game is often employed here in Korea as well. Instead of using known…
LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea Posted By AhnLab_en , May 15, 2023 AhnLab Security Emergency response Center(ASEC) has confirmed the distribution of the LokiLocker ransomware in Korea. This ransomware is almost identical to the BlackBit ransomware and their common traits have been mentioned before in a previous blog post. A summary of these similarities is as follows. Similarities Between LokiLocker and BlackBit Disguised as svchost.exe The BlackBit ransomware, which was covered in a previous post, disguised itself as a svchost.exe file. Similarly, the recently discovered LokiLocker ransomware was also found disguised as…
Chinese Hacker Group Stealing Information From Korean Companies Posted By AhnLab_en , May 15, 2023 Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One being a company for semiconductors, and the other being a smart manufacturing company which utilizes artificial intelligence. It is assumed that the threat group that carried out the hacking attack is a Chinese hacker group like Xiaoqiying and Dalbit, as a Chinese text file containing instructions…
RecordBreaker Infostealer Disguised as a Well-known Korean Software Posted By AhnLab_en , May 15, 2023 The RecordBreaker Stealer is one of the main malware distributed disguised as the download of illegal programs such as cracks and keygens. It first appeared last year and has since been actively distributed to normal users. It is also referred to as Raccoon Stealer V2 and is being distributed through various channels, including websites and YouTube. CryptBot, which had been actively distributed in the same manner, had completely disappeared since February of this year, and the Vidar malware sometimes makes…
