V3 Detects and Blocks Magniber Ransomware Injection (Direct Syscall Detection) Posted By AhnLab_en , August 10, 2023 The Magniber ransomware is consistently being distributed at high volumes. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed with filenames disguised as a Windows security update package (e.g. ERROR.Center.Security.msi) in Edge and Chrome browsers. Magniber at the moment injects the ransomware into a running process, having this process cause damage by encrypting the user’s files. This post…
Distribution of Malware Disguised as Coin and Investment-related Content Posted By yeeun , August 9, 2023 AhnLab Security Emergency response Center (ASEC) has recently confirmed the distribution of malware disguised with coin exchange and investment-related topics. The malware is being distributed in the form of an executable and a Word file. Based on the User-Agent name used in the malware, it is suspected that it was created by the Kimsuky group. The confirmed filenames are as follows: Date Filename 07.17 20230717_030190045911.pdf .exe 07.28 0728-We**Wallet Automatic Withdrawal of Funds.docx.exe (assumed) 07.28 230728 We**Team – Wallet Hacking Similarities.docx.exe…
Reptile Malware Targeting Linux Systems Posted By Sanseo , August 3, 2023 Reptile is an open-source kernel module rootkit that targets Linux systems and is publicly available on GitHub. [1] Rootkits are malware that possess the capability to conceal themselves or other malware. They primarily target files, processes, and network communications for their concealment. Reptile’s concealment capabilities include not only its own kernel module but also files, directories, file contents, processes, and network traffic. Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse…
Sliver C2 Being Distributed Through Korean Program Development Company Posted By Sanseo , August 1, 2023 In the past, AhnLab Security Emergency response Center (ASEC) had shared the “SparkRAT Being Distributed Within a Korean VPN Installer” [1] case post and the “Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections” [2] case post which covered the SparkRAT malware being distributed through a Korean VPN service provider’s installer. ASEC has recently identified similar malware strains being distributed while being disguised as setup files for Korean VPN service providers and marketing program producers. Unlike the past…
CHM Impersonates Korean Financial Institutes and Insurance Companies Posted By gygy0101 , July 28, 2023 In March, AhnLab Security Emergency response Center (ASEC) covered a CHM-type malware impersonating security emails from financial institutes. This post will cover the recently identified distribution of CHM-type malware using a similar method of impersonating Korean financial institutes and insurance companies. The CHM file is in a compressed file (RAR) format. Upon execution, it displays the following help screens. These are all guides disguised as being sent from Korean financial institutes and insurance companies and include content such as “credit…
