Phishing PDF Files with CAPTCHA Screen Being Mass-distributed Posted By jcleebobgatenet , November 5, 2021 Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….
Discovery of Continuous Distribution of North Korea-related Malicious Word Files Posted By jcleebobgatenet , November 2, 2021 The ASEC analysis team has discovered the continuous distribution of malicious Word files containing North Korea-related materials. The macro code inside the Word file is similar to the one that was introduced in the previous post, <‘Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’>. The filenames of the recently discovered files are as follows: Analysis of Chinese Military Strategy and Its Prospect.doc (Discovered on October 25th) Questionnaire-December Broadcast.doc (Discovered on October 28th) Questionnaire-July Broadcast.docm (Discovered on…
Phishing Attacks Disguised as Microsoft, Targeting Corporate Users Posted By jcleebobgatenet , November 1, 2021 The ASEC analysis team has recently discovered phishing attacks disguised as Microsoft are being sent to corporate users. As shown in the figure below, the sender of the phishing e-mail is disguised as Microsoft, and the e-mail is distributed with the subject of “Password Expiring Notice”. The body of the e-mail says, “Your password to a certain account has expired today. Use same password to keep access to your Office365 account.” Upon clicking the text “KEEP YOUR PASSWORD”, a screen…
Malicious Excel File Disguised as an Invoice, Possibly Targeting Companies Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has recently discovered a malicious Excel file disguised as an invoice. This file is being distributed as an e-mail attachment with the filename of Invoice-[number]_date.xlsb. The following is the malicious e-mail that is being distributed in Korea. Upon running the Excel file, editing is restricted, prompting users to click the image within the file (see figure below). As the macro is designated to this image, the user must click the image for the macro to be…
Malicious HWP File with COVID-19 Relief Fund Related ‘Collection of Personal Information Consent Form’ Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has discovered a malicious HWP file that hasn’t been distributed for some time. The HWP file that was last posted in April was inserted with a malicious link object inside, and it is the first time this year that a file inserted with malicious EPS was found. The file is also uploaded in VirusTotal, and judging by the fact that the filename is ‘test.hwp’ and ‘123.hwp,’ it is possible that the file was created for testing….
