Malware Information

‘Resume.xll’ File Being Distributed in Korea (LockBit 2.0)

In mid-2022, the ASEC analysis team shared that malware in the XLL file format (file extension: .xll) was being distributed via email. An XLL file is a PE (Portable Executable) file in DLL form, but it is executed with Microsoft Excel. Since then, this type of malware had not been actively distributed, but for the first time in a long while, we found it being distributed under the filename ‘Resume.xll’. Post from May 20th, 2022: XLL Malware Distributed…

Domains Used for Magniber Distribution in Korea

On November 7th, the ASEC analysis team published a blog post introducing the Magniber ransomware, which attempted to bypass MOTW (Mark of the Web). Afterward, using the data left in Zone.Identifier, we investigated the sources used to distribute Magniber. With the typosquatting method, which exploits typos, when the user accesses the wrongly entered domain, the msi file (Magniber) is downloaded after redirecting to an advertisement page. Examination of Zone.Identifier created at this stage reveals the URL from where…

Phishing Website Disguised as a Famous Korean Email Login Website Being Distributed

The ASEC analysis team has identified the distribution of a malicious website in Korea that aims to steal account credentials for a famous Korean email service website. The phishing website that the email redirects to is disguised as a login page for a Korean email website, and over 50 cases in Korea were confirmed to have accessed the website. Thus, users must take particular caution when logging into this email website. The phishing website is disguised as the login page…

LockBit Ransomware Being Mass-distributed With Similar Filenames

The ASEC analysis team has written about LockBit ransomware being distributed through emails in three blog posts. Through consistent monitoring, we found that LockBit 2.0 and LockBit 3.0 are being distributed again with only a change to their filenames. Unlike the previous cases introduced in the blog where Word files or copyright claim emails were used, the recent versions are being distributed through phishing emails disguised as job applications. LockBit Ransomware Being Distributed Using Resume and Copyright-related…

How Is My Phone Number Leaked?

The Personal Information Protection Act is a law to protect the freedom and rights of individuals, and it aims to realize the individual dignity and value of people. According to the act, personal information is defined as pieces of information that can easily identify an individual when coupled with other pieces of information, and phone numbers are seen as one of the main types of personal information. This post explains the PUP (Potentially Unwanted Program) that collects phone numbers. Figure…