AgentTesla Being Distributed via More Sophisticated Malicious PowerPoint Files Posted By jcleebobgatenet , December 7, 2021 The ASEC analysis team has introduced malicious PowerPoint files that have been continuously distributed since last year. Recently, the team has discovered that various malicious features were added to the script that is run in the malicious PowerPoint file. The method the malicious file is run remains the same as the previous cases, and it performs features such as Anti-AV, and UAC Bypass, and execution of additional malware by a malicious script. When the PowerPoint file is run, a security…
Distribution of Phishing Emails Targeting Korean Research Institutes and Companies Posted By jcleebobgatenet , December 6, 2021 The ASEC analysis team has discovered the distribution of phishing emails targeting Korean research institutes and companies to steal passwords. The phishing email impersonated an international transport company, requesting the user to submit custom information, and open the attachment file to prompt the user to click the URL. Upon clicking the link in the email, the user is redirected to a phishing page that prompts the user to enter their password. As the team has also discovered cases of distribution…
Distribution of Malicious Excel Files Targeting Companies Amid Black Friday Season Posted By jcleebobgatenet , November 30, 2021 Malicious Excel files are being distributed to companies amid the Black Friday season. The email confirmed today (Nov 25th) is an email reported by the attacked company in Korea. Attached to the email is an Excel file that contains an Excel 4.0 Macro (XLM) macro sheet in the form of the XLSB excel binary. It checks whether the system is a domain controller then activates additional malicious features. The filename of the attached Excel file has a format of ‘promo…
Emails Disguised as ‘Emirates Post’ Being Distributed During the Overseas Direct Purchase Season Posted By jcleebobgatenet , November 24, 2021 The ASEC analysis team has introduced numerous phishing websites disguised as various companies. The team has recently discovered a malicious email disguised as Emirates Post, a transport company, during the overseas direct purchase season. As shown in the figure below, the malicious email states that there is a problem with the shipping address, requesting the purchaser to check and return. The texts “Tracking Number” and “Click Here” contain a malicious URL that redirects the clicker to the phishing website. It…
North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability Posted By jcleebobgatenet , November 22, 2021 The ASEC analysis team has recently discovered the distribution of malicious files that include a new vulnerability CVE-2021-40444 which was revealed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have been evolving in new ways since the past. Seeing that the attackers are using a new vulnerability, they are quickly applying the new techniques in their distribution. CVE-2021-40444 is a vulnerability that allows remote code execution of MSHTML. MSHTML…