Malware Information

Distribution of Malicious Document File (XLS) Disguised as COVID-19 Predictions

While the battle against relentless waves of malware using the COVID-19 theme continues, the AhnLab ASEC analysis team discovered another attack disguised as ‘COVID-19 Predictions’ to deceive users into opening the email and the attached document file. It was distributed via a phishing email that carried a malicious Excel document. The Excel file in the email shows the number of confirmed COVID-19 cases by country. Any user who wishes to check the total number of the deceased has no…

Scam Alert: FormBook Malware Steals Incoming Mail

The ASEC (AhnLab Security Emergency response Center) analysis team has recently confirmed that FormBook is using new tactics to persuade users to download and execute malicious email attachments. According to ASEC’s weekly malware analysis report, FormBook was one of the most actively distributed malware families in East Asia during July. FormBook is info-stealer malware that disguises itself as normal email attachments, such as estimates, order receipts, package deliveries, and invoice documents. The email message is short and simple. The email…

Distribution of Malicious Excel (XLS) Files Disguised as Court Decision Document: KONNI Group

AhnLab ASEC has gathered Excel files that leak user info using a malicious macro. The Excel file prompts the user to run the macro, and when the macro is run, it re-runs the Excel document, which contains a court decision stating that the user ‘must pay a fine for abetting a breach on the Act On Door-To-Door Sales, etc.’, to make it difficult for users to realize that their PC is infected. Its operation method is similar to the malware that APT…

Cryptocurrency Mining Malware Goes After Users Looking for Pirated Software

Recently, AhnLab warned users of cryptocurrency mining malware that is being distributed in the wild. Cryptocurrency mining malware, also known as CoinMiner malware, is going after users who are actively searching for pirated software. As a medium to spread the malware, the attacker created a phishing site that is searchable by Google and other search engines. When the user enters a certain keyword, such as ‘HWP document program crack for Mac’ or ‘crack Autocad 2006 64 Bit Keygen,’ to look…

Distribution of Avaddon Ransomware using RigEK in Korea (extension: *.avdn)

In early June, a new ransomware dubbed Avaddon was introduced in two articles (see links below). Since June 8, the amount of malware distributed using RigEK (Rig Exploit Kit) has increased exponentially in Korea, and Avaddon ransomware is also being distributed. (June 7) sensorstechforum.com/avaddon-virus-remove/ (June 8) www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/ The following figure shows the number of V3 behavior-detection logs for RigEK. 1153 represents the behavior-detection rule number, and the figure shows that the number of cases started skyrocketing from June 8. Users…