NanoCore RAT Disguised as Notification of Foreign Currency Remittance Being Spread! Posted By jcleebobgatenet , August 23, 2021 The ASEC analysis team recently discovered that the NanoCore remote access Trojan (RAT) disguised as notification of foreign currency remittance was distributed. Because the malware is usually spread through phishing mails, users need to take extra caution. The mail impersonates a capital company and is distributed with the title “[** Capital] Notification for Foreign Currency Remittance” as shown below, tricking the user to check the attached file and run it. It is assumed that the sender took an image that…
Infostealer Malware Azorult Being Distributed Through Spam Mails Posted By Sanseo , August 18, 2021 The ASEC analysis team recently discovered that Azorult malware is being distributed through spam mails. Azorult is a kind of Infostealer that accesses a C&C server to receive DLL files and commands used to leak information, and steals information such as user data files and account information to leak it to the server. Besides account information of web browsers and email clients, screenshots, cryptocurrency information, and files designated by the attacker with certain paths and extensions can be collected as…
Various Types of Threats Disguised as Software Download Being Distributed Posted By jcleebobgatenet , August 17, 2021 Through multiple posts, the ASEC analysis team has mentioned CryptBot that is searched through keywords such as cracks and serials of commercial software, urging users to take caution. CryptBot malware is the one that is usually distributed from such malicious websites, but other types are occasionally distributed as well. This post will discuss other malware programs of the same type besides CryptBot. As mentioned in previous posts, the malware is distributed from malicious webpages exposed on the top search page…
Word Document Titled ‘BIO Form’ Being Distributed Posted By jcleebobgatenet , August 12, 2021 Since last month, the ASEC analysis team has been continuously uploading posts about APT attacks using word documents. Recently, it found that the malware of the same type is being constantly distributed in the name of ‘BIO form.’ By looking at the distribution history of previous word documents, we can assume that this file is also targeting professors or research center directors related to North Korea while disguising itself as a biography form. The recently discovered file that is being…
Malware Disguised as Job Offer Letter Posted By jcleebobgatenet , August 11, 2021 The ASEC analysis team has recently discovered that KPOT Infostealer is being distributed via spam mails containing word files. There has been a number of cases ultimately downloading Infostealer programs when the macro was enabled, but this case is noticeable in that it used a word file with a particular password in a spam mail disguised as a job offer letter to trick users. While how the e-mail came to be spread has not yet been identified, it appears that…
