Phishing Attacks Disguised as Microsoft, Targeting Corporate Users Posted By jcleebobgatenet , November 1, 2021 The ASEC analysis team has recently discovered phishing attacks disguised as Microsoft are being sent to corporate users. As shown in the figure below, the sender of the phishing e-mail is disguised as Microsoft, and the e-mail is distributed with the subject of “Password Expiring Notice”. The body of the e-mail says, “Your password to a certain account has expired today. Use same password to keep access to your Office365 account.” Upon clicking the text “KEEP YOUR PASSWORD”, a screen…
Malicious Excel File Disguised as an Invoice, Possibly Targeting Companies Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has recently discovered a malicious Excel file disguised as an invoice. This file is being distributed as an e-mail attachment with the filename of Invoice-[number]_date.xlsb. The following is the malicious e-mail that is being distributed in Korea. Upon running the Excel file, editing is restricted, prompting users to click the image within the file (see figure below). As the macro is designated to this image, the user must click the image for the macro to be…
Malicious HWP File with COVID-19 Relief Fund Related ‘Collection of Personal Information Consent Form’ Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has discovered a malicious HWP file that hasn’t been distributed for some time. The HWP file that was last posted in April was inserted with a malicious link object inside, and it is the first time this year that a file inserted with malicious EPS was found. The file is also uploaded in VirusTotal, and judging by the fact that the filename is ‘test.hwp’ and ‘123.hwp,’ it is possible that the file was created for testing….
Coinminer Malware Distributed via Discord Posted By Sanseo , October 25, 2021 While monitoring malware that is being distributed in Korea, the ASEC analysis team confirmed that coinminer malware was being distributed via Discord messenger. The attacker introduces a program that generates Robux, a currency used in a game called Roblox, for free in the following Discord chat room named “Free Robux Generator” and prompts the user to download it. Upon clicking the “Robux Generator – Download,” the compressed file shown below is downloaded. Upon decompressing the file, an executable named “robux…
RTF Malware Disguised as a Cover Letter for a Particular Airline Posted By jcleebobgatenet , October 25, 2021 In early October, the ASEC analysis team has discovered an RTF file-based malware disguised as a cover letter for a particular airline. This is not a type of document file format that appears often as other document-type malware (Word, Excel, etc.), and RTF malware disguised as a particular document hasn’t been discovered in a long time. Filename used in distribution: ****Airline Cover Letter_.rtf An MS Office equation editor program EQNEDT32.EXE related vulnerability (CVE-2017-11882) was used for the RTF file, and…
