[Caution] Distribution of WastedLocker Ransomware Targeting Specific Companies
Posted By AhnLab_en, August 28, 2020
On July 23, smartwatch & wearable manufacturer ‘Garmin’ was attacked by ransomware named WastedLocker, resulting in the cessation of its service and production line. The developer of this ransomware is a Russian cybercrime group that goes by the name of ‘Evil Corp’, and it is assumed that, after launching an APT attack, they used the penetration testing tool Cobalt Strike to distribute WastedLocker ransomware. WastedLocker is typical ransomware that encrypts system files and asks for financial compensation in return for decrypting the…

njRAT Malware Distributed via Major Korean Webhard
Posted By AhnLab_en, August 19, 2020
njRAT is a RAT malware that steals users’ personal information and operates by receiving commands from the attacker. This malware is constantly being distributed to users in Korea. Upon analyzing the detection log, the AhnLab ASEC team discovered that njRAT is mostly distributed via Webhard and torrent websites, disguised as ordinary files such as video games, authentication tools, and utilities. In most cases, PCs are infected with malware the moment the source program is run, making it difficult for users to…

AveMaria malware being distributed as spam mail
Posted By AhnLab_en, August 10, 2020
AveMaria is a RAT (Remote Administration Tool) malware with a remote control feature that receives commands from the C&C server and performs a variety of malicious behaviors. As shown in the weekly statistics below, it is not included in the Top 5, but it has consistently been taking up a certain percentage of the total. AveMaria malware has been distributed via spam mails similar to AgentTesla, Lokibot, and Formbook malware. Additionally, it is packed and distributed in the form of…

How AgentTesla Malware is Being Distributed in Korea
Posted By AhnLab_en, July 28, 2020
Since early this year, cases of phishing emails that contain a malicious PowerPoint file (*.PPT) have been reported. The ASEC analysis team has recently detected AgentTesla, a malware that is ultimately run via this attack method. In this report, our goal is to share information on this malware. In January 2020, an email that contained a PPT file with the info-leaking malware AZORult was distributed overseas. (Blog post: https://appriver.com/resources/blog/january-2020/powerpoint-malware-references-drake-lyrics-drop-lokibot-azorult) In July 2020, an info-leaking malware named AgentTesla was distributed using a distribution method…

Emotet is Back and Spamming Again!
Posted By AhnLab_en, July 21, 2020
Emotet is back after almost five months of absence. It disappeared in early February 2020 and came back recently in July to resume its phishing campaigns. AhnLab Security Emergency-response Center (ASEC) has confirmed the return of Emotet malware through its blog on July 22nd. Emotet is an infamous botnet that is known for its phishing campaigns. Even after a five-month-long break, their old tricks of using phishing emails remained the same. Emotet’s phishing campaign can be primarily divided into three types:…