Malware Being Distributed via Webhards (October 8) Posted By jcleebobgatenet, October 25, 2021 The ASEC analysis team consistently monitors the distribution sources of Korean malware, and recently introduced UDP RAT and the webhard posts that were used to distribute it. Since that post was published, the uploader, who is suspected to be the attacker, has been distributing similar malware disguised as adult games via other webhards, and the files are still available for download. – UDP RAT Malware Being Distributed via Webhards The figure above shows that unlike the cases before…
Daum Phishing E-mails Disguised as ‘Purchase Order’ Being Distributed Posted By jcleebobgatenet, October 25, 2021 One of the most frequently used methods for the distribution of malware is phishing e-mails. The ASEC analysis team has introduced specific phishing attacks as well as the types of phishing e-mails in previous blog posts. Similar to the previous cases, the team has found a phishing e-mail that aims to steal Daum account credentials. Considering that the e-mail has a specific university set as its sender and recipient (see Figure 1), it appears that it was written to…
UDP RAT Malware Being Distributed via Webhards Posted By Sanseo, October 21, 2021 While monitoring the distribution sources of malware in Korea, the ASEC analysis team found that UDP RAT malware disguised as an adult game is being distributed via webhards. Webhards and torrents are platforms commonly used for the distribution of malware in Korea. Attackers normally use easily obtainable malware such as njRAT and UDP RAT and disguise it as normal programs such as games or adult content for distribution. Similar cases were introduced in previous ASEC blogs multiple times: – njRAT…
VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group Posted By jcleebobgatenet, October 20, 2021 While monitoring Kimsuky-related malware, the ASEC analysis team recently discovered that VNC malware was being installed via the AppleSeed remote control malware. VNC (Virtual Network Computing) is a screen sharing system used to remotely control other computers; like the commonly used RDP, it provides remote access to and control of other systems. The Kimsuky group installs the AppleSeed backdoor on the target system after the initial compromise, then additionally installs VNC malware via AppleSeed to ultimately control the target system in…
Change in Magniber Ransomware Vulnerability (CVE-2021-40444) Posted By jcleebobgatenet, October 15, 2021 Magniber is a fileless ransomware that exploits an IE vulnerability, and it is one of the ransomware families causing damage to numerous Korean users. Infection is difficult to prevent unless the attack is detected and blocked in advance, at the stage where the vulnerability is exploited, and its fileless nature makes it difficult for anti-malware programs to detect. Magniber ransomware had been distributed using the CVE-2021-26411 vulnerability from March 15th, 2021 until recently, but on September 16th it was discovered that it had switched to the CVE-2021-40444 vulnerability. This…