Malware Information

Phishing PDF Files with CAPTCHA Screen Being Mass-distributed

Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….

Discovery of Continuous Distribution of North Korea-related Malicious Word Files

The ASEC analysis team has discovered the continuous distribution of malicious Word files containing North Korea-related materials. The macro code inside the Word file is similar to the one that was introduced in the previous post, <‘Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’>. The filenames of the recently discovered files are as follows: Analysis of Chinese Military Strategy and Its Prospect.doc (Discovered on October 25th) Questionnaire-December Broadcast.doc (Discovered on October 28th) Questionnaire-July Broadcast.docm (Discovered on…

Malicious Excel File Disguised as an Invoice, Possibly Targeting Companies

The ASEC analysis team has recently discovered a malicious Excel file disguised as an invoice. This file is being distributed as an e-mail attachment with the filename of Invoice-[number]_date.xlsb. The following is the malicious e-mail that is being distributed in Korea. Upon running the Excel file, editing is restricted, prompting users to click the image within the file (see figure below). As the macro is designated to this image, the user must click the image for the macro to be…

Malicious HWP File with COVID-19 Relief Fund Related ‘Collection of Personal Information Consent Form’

The ASEC analysis team has discovered a malicious HWP file that hasn’t been distributed for some time. The HWP file that was last posted in April was inserted with a malicious link object inside, and it is the first time this year that a file inserted with malicious EPS was found. The file is also uploaded in VirusTotal, and judging by the fact that the filename is ‘test.hwp’ and ‘123.hwp,’ it is possible that the file was created for testing….