Info Theft Malware Distribution Phishing Campaign
Posted By jcleebobgatenet, November 9, 2020
The ASEC analysis team discovered a phishing site that distributes info-stealer malware by disguising it as a crack for a legitimate utility. As shared in the post of June 29th (https://asec.ahnlab.com/ko/1339/), the phishing site appears in the top results when the utility program name is searched along with “Crack” on Google. It is assumed that many users were infected when they accessed the said site to download the crack of the utility program. As shown in Figure 2,…

Analysis of Info-Leaking Feature of Info-Stealer Malware Vidar
Posted By AhnLab_en, September 8, 2020
Vidar is an info-stealer malware that leaks personal information. Although it is not included in the Top 5 of the weekly statistics shown below, it has constantly been included in the statistics. Considering that it used to be included in the Top 5 for some time, its distribution rate may increase in the future. The number of files distributed over the last month is shown in the table below. All the files were distributed…

Lokibot is at it Again, This Time Spreading via Purchase Order
Posted By AhnLab_en, August 30, 2020
Lokibot malware has been around for several years, being distributed via phishing campaigns that include malicious email attachments or embedded URLs. Since its discovery in 2016, it has been used by various cybercriminals to create backdoors into Windows machines. In the recent attacks, Lokibot was found being distributed via phishing emails disguised as Purchase Order attachments. Let’s take a closer look at Lokibot’s recent attack methods. Lokibot is an information-stealing trojan that steals account information from various programs…

[Caution] Distribution of WastedLocker Ransomware Targeting Specific Companies
Posted By AhnLab_en, August 28, 2020
On July 23, smartwatch and wearable manufacturer ‘Garmin’ was attacked by ransomware named WastedLocker, resulting in the cessation of its services and production line. The developer of this ransomware is a Russian cybercrime group that goes by the name of ‘Evil Corp’, and it is assumed that after launching an APT attack, they used the penetration testing tool Cobalt Strike to distribute WastedLocker ransomware. WastedLocker is a typical ransomware that encrypts system files and asks for financial compensation in return for decrypting the…

njRAT Malware Distributed via Major Korean Webhard
Posted By AhnLab_en, August 19, 2020
njRAT is a RAT malware that steals users’ personal information and runs commands received from the attacker. This malware is constantly being distributed to users in Korea. Upon analyzing the detection log, the AhnLab ASEC team discovered that njRAT is mostly distributed via Webhard and torrent websites, disguised as ordinary files such as video games, authentication tools, and utilities. In most cases, PCs are infected with malware the moment the source program is run, making it difficult for users to…