Scam Alert: FormBook Malware Steals Incoming Mail Posted By janekyungjin , July 6, 2020 ASEC (AhnLab Security Emergency response Center) analysis team has recently confirmed that FormBook is using new tactics to persuade users into downloading and executing malicious email attachments. According to ASEC’s weekly malware analysis report, FormBook was one of the most actively distributed malware in East Asia during July. FormBook is an info stealer malware that disguises itself as normal email attachments, such as estimates, order receipts, package deliveries, and invoice documents. The email message is short and simple. The email…
Distribution of Malicious Excel (XLS) Files Disguised as Court Decision Document: KONNI Group Posted By janekyungjin , July 1, 2020 AhnLab ASEC has gathered Excel files that leak user info using malicious macro. The Excel file prompts the user to run macro, and when macro is run, it re-runs the Excel document that contains a court decision stating that the user ‘must pay a fine for abetting a breach on the Act On Door-To-Door Sales, etc. to make it difficult for the users to realize that their PC is infected. Its operation method is similar to the malware that APT…
Cryptocurrency Mining Malware Goes After Users Looking for Pirated Software Posted By janekyungjin , June 29, 2020 Recently, AhnLab warned users of cryptocurrency mining malware that are being distributed in the wild. Cryptocurrency mining malware, also known as CoinMiner malware, is going after users that are actively searching for pirated software. As a medium to spread the malware, the attacker created a phishing site that is searchable by Google and other search engines. When the user enters a certain keyword, such as ‘HWP document program crack for Mac’ or ‘crack Autocad 2006 64 Bit Keygen,’ to look…
Distribution of Avaddon Ransomware using RigEK in Korea (extension: *.avdn) Posted By janekyungjin , June 24, 2020 In early June, a new ransomware dubbed Avaddon was introduced in two articles (see link below). Since June 8, the number of distributed malware using RigEK (Rig Exploit Kit) has increased exponentially in Korea, and Avaddon ransomware is also being distributed. (June 7) sensorstechforum.com/avaddon-virus-remove/ (June 8) www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/ The following figure shows the number of V3 behavior-detection logs for RigEK. 1153 represents No. of behavior-detection rule and this figure shows that the number of cases started skyrocketing starting from June 8. Users…
Snake Ransomware Designed to Operate Only in Specific Business Environments Posted By janekyungjin , June 18, 2020 Snake ransomware that targets specific companies is currently being distributed. Although there are no found cases in Korea as of yet, Korean companies must be on guard as it is targeting companies across nations such as Germany, Italy, Japan and etc. Snake is ransomware developed with Go language. The number of malware developed with Go has been on the continual rise, and recently distributed malwares use obfuscation methods to disrupt analysis. Like the others, function names of Snake ransomware have…
