Malicious Word Document Disguised as Profile Template File for Summer Academic Conference Being Distributed
Posted By jcleebobgatenet, July 14, 2021
In June this year, the ASEC analysis team introduced a malicious Word document assumed to be a targeted attack. Recently, the team confirmed that malware of the same type is being distributed with new content. It was distributed through emails with the sender impersonating an admin of a summer academic conference in Korea (see Figure below). The email had an attachment named ‘[** Summer Academic Conference]_Profile Template.doc’, which prompts the user to fill out the form. The figure below is the…

Nitol Malware Being Distributed in Forum Archive
Posted By jcleebobgatenet, July 9, 2021
The ASEC analysis team confirmed that malware is being distributed in a forum archive in Korea. The attacker uploaded 4 posts, disguised as sharing utility programs, that are used to distribute malware. These posts distribute Nitol malware disguised as certain utility programs. The related attacks have been happening since last June. Each post has a description of a utility program with a torrent file attached. Opening the torrent file in a torrent client allows files to be downloaded. When downloading…

Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)
Posted By jcleebobgatenet, July 7, 2021
Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via the IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports that involve Magniber ransomware in Korea. As it is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial for IE users to apply the security patch. Currently, V3 products can detect and block the latest Magniber ransomware using the ‘Behavior Detection’ feature. Figure 1 shows the infection process of…

Info-Stealer Malware Disguised as Illegal Pornography Being Distributed via Discord
Posted By jcleebobgatenet, July 2, 2021
The ASEC analysis team recently found info-stealing malware that is being distributed via Discord messenger. The malware, which is spread through Discord, uses the Discord API to send the stolen information to the attacker. FYI, this Discord-based method was introduced in the ASEC blog before: https://asec.ahnlab.com/en/19343/ The Discord server that distributes the malware sells and distributes illegal pornography. The creator of the malware, who is also the administrator of the server, uploads a compressed file in the server’s ‘Free Porn’…

Attacker Distributing Malicious Word Document Written as Compensation Claim Form
Posted By jcleebobgatenet, June 29, 2021
A malicious Word document file written as a ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. Malware that used the identical document format was also discovered back in March, and the ASEC team published a post analyzing it in the ASEC blog. The currently discovered Word document was made recently and contains the same content as the previous attack, but it operates differently. In this post, the team…