Malware Information

Shc Linux Malware Installing CoinMiner

The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, the XMRig CoinMiner installed through the former, and a DDoS IRC Bot developed with Perl.

1. Shc (Shell Script Compiler)

Shc is an abbreviation for Shell Script Compiler and is responsible for…

How Infostealer Threat Actors Make a Profit

Infostealer is a type of information-stealing malware whose goal is to steal user credentials such as user account information, cryptocurrency wallet addresses, and files saved in programs such as web browsers and email clients. According to the ASEC report for Q3 2022, Infostealers make up more than half of the executable-format malware types reported by client companies or collected by AhnLab. Since downloader-type malware also ultimately installs Infostealers or backdoor-type malware, it can be said…

Types of Recent .NET Packers and Their Distribution Trends in Korea

0. Overview

This post is a summary of the TI report, ‘Report on the Trends and Types of Recent .NET Packers.’ Please refer to the report in the hyperlink for more details on the topic. Recently, packers made with .NET are being found in various places both in and outside Korea. Thus, the ASEC analysis team aims to introduce the five most commonly distributed .NET packers and their distribution trends in Korea. We will overview the types of malware distributed…

Caution! Malware Signed With Microsoft Certificate

Microsoft announced details on the distribution of malware signed with a Microsoft certificate.[1] According to the announcement, a driver authenticated with the Windows Hardware Developer Program had been abused due to the leakage of multiple Windows developer accounts. To prevent damage, Microsoft blocked the related accounts and applied a security update (Microsoft Defender 1.377.987.0 or later). To prevent security risks, Windows only allows the loading of kernel mode drivers that are signed. If a driver is not signed, it cannot…

Phishing Attacks Impersonating Famous Korean Banking Apps

The ASEC analysis team recently identified that multiple malicious domains impersonating legitimate websites in the financial sector had been created. From early November, we detected multiple distribution cases of phishing emails impersonating Naver Help and had been monitoring the malicious URL included in these emails. The sender’s username was ‘Naver Center’, and the emails used a variety of topics to deceive users, including notifications of changes to contact details, creation of a new one-time password, login…