Distribution of Malicious Word Document Disguised as a Military Security Monthly Magazine (April 2021)
Posted By jcleebobgatenet, April 8, 2021
On March 29th, the ASEC analysis team introduced malicious Word documents containing North Korea related materials. When the file is opened, it connects to the ‘External URL’ written within XML and downloads additional files. Recently the team found that malicious Word documents using this method and disguised as a military security monthly magazine (April 2021) are currently being distributed. The names of the files are as follows:
MonthlyKIMA2021_AprilMilitarySecurity0330.docx
MonthlyKIMA2021_AprilMilitarySecurity0331.docx
The document file is protected, and upon unlocking the…

Malicious Word File Disguised as Compensation Request Form (External Connection + VBA Macro)
Posted By jcleebobgatenet, April 1, 2021
With malicious document files being distributed in various document formats such as HWP, DOC, XLSX, and PDF, it is safe to say that document-based malware has become a new trend among attackers. Following this trend, the ASEC analysis team has been publishing various articles containing related information on our blog. Today, the ASEC analysis team will share information on a newly found malicious Word document file. This malicious Word document file takes the form of a ‘Compensation Request…

Malicious Word Documents with External Link of North Korea Related Materials
Posted By jcleebobgatenet, March 29, 2021
Previously, the ASEC analysis team introduced various types of document-based malware. Among them, malicious documents with North Korea related materials were generally produced in the HWP file format. You can find the relevant information in previous ASEC blog posts. Today, some of the DOC (Word) documents containing North Korea related materials collected by the ASEC analysis team will be introduced. These documents are assumed to be distributed via email, and they had the following content. Upon opening, it connects to ‘External URL’…

Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability
Posted By jcleebobgatenet, March 17, 2021
The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of the ASEC Blog are well aware that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse chase. This time, the distributor of Magniber waited for AhnLab's anniversary (March 15th), which is also a traditional holiday for AhnLab. On this day, the distributor swiftly…

Malware Being Sneakily Installed in My PC - BeamWinHTTP Malware
Posted By jcleebobgatenet, March 8, 2021
The weekly malware statistics uploaded by the ASEC analysis team show that the number of occurrences of a downloader-type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3 most distributed malware. Since it downloads various types of malware when run, users must take extra caution. BeamWinHTTP malware is executed by a PUP installer, and users who attempt to…