Malware Information

Vidar Exploiting Social Media Platform (Mastodon)

The ASEC analysis team has recently discovered that Vidar is exploiting a social media platform named Mastodon to create C&C server addresses. Vidar is an info-stealer malware installed through spam emails and PUPs, sometimes disguised as a KMSAuto activator tool. It has been distributed consistently for a long time, and there was a recent case of it being installed through other types of malware such as Stop ransomware. When Vidar is run, it first accesses the C&C server to receive…

Emotet Being Distributed Using Excel Files

The ASEC analysis team has discovered the constant distribution of Excel files that started last month. These files are made to download Emotet, and they prompt users to enable macros (see figure below). As the files have Auto_Open designated in the macro name box for a cell that exists in a hidden sheet, the formula in the cell is automatically run when the user clicks the Enable Content button. The cell designated with Auto_Open contains a command that runs mshta…

ASEC Weekly Malware Statistics (January 10th, 2022 – January 16th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 10th, 2022 (Monday) to January 16th, 2022 (Sunday). For the main category, info-stealer ranked top with 55.1%, followed by RAT (Remote Administration Tool) malware with 38.2%, downloader with 3.9%, ransomware with 1.4%, and backdoor with 1.4%.

Top 1 – AgentTesla

AgentTesla ranked first place with 28.0% once again. It is an info-stealer malware…

DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards

While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP Rat were distributed in the past.

UDP RAT Malware Being Distributed via Webhards

The cases that are recently being discovered are similar to the case discussed in the post above, and it appears that the…

ASEC Weekly Malware Statistics (January 3rd, 2022 – January 9th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 3rd, 2022 (Monday) to January 9th, 2022 (Sunday). For the main category, info-stealer ranked top with 54.2%, followed by RAT (Remote Administration Tool) malware with 30.1%, downloader with 12.0%, ransomware with 2.4%, and backdoor with 1.2%.

Top 1 – AgentTesla

AgentTesla ranked first place with 28.9% once again. It is an info-stealer malware…