Malware Information

ASEC Weekly Malware Statistics (February 28th, 2022 – March 6th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 28th, 2022 (Monday) to March 6th, 2022 (Sunday). For the main category, info-stealer ranked top with 67.0%, followed by RAT (Remote Administration Tool) malware with 19.0%, downloader with 6.8%, banking malware with 4.1%, ransomware with 2.7%, and backdoor with 0.5%.

Top 1 – Formbook

Formbook is an infostealer that ranked first place with 28.1%….

Infostealer Being Distributed via YouTube

The ASEC analysis team has recently discovered an infostealer that is being distributed via YouTube. The attacker disguised the malware as a game hack for Valorant, uploaded the following video with the download link for the malware, and then guided the user to turn off the anti-malware program. The team introduced another case of distribution disguised as a game hack or crack via YouTube in a previous ASEC blog post. [ASEC Blog] RedLine Infostealer Being Distributed via YouTube When…

Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed

The ASEC analysis team has discovered the distribution of a malicious HWP file disguised as “Press Release of 20th Presidential Election Early Voting for Sailors” as the presidential election draws near. The attacker distributed the malicious HWP file on February 28th, and though the team could not obtain the file itself, AhnLab’s ASD (AhnLab Smart Defense) infrastructure log indicates that the file runs a batch file through an internal OLE object to execute PowerShell. Filename used in distribution:…

njRAT Being Distributed via Webhards

A webhard is a platform used to distribute malware, mainly by attackers who target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Various types of malware have been used recently, such as UdpRat or DDoS IRC Bot developed with GoLang, but njRAT had been used in multiple attacks in the past. njRAT Malware Distributed via Major Korean Webhard File Sharing…

Distribution of Remcos RAT Disguised as Tax Invoice

The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. The email contains a short message written in awkward grammar. As users who are doing tax-related work may run the executable without a second thought about what’s written within the email, caution is advised. Upon decompressing the attachment ‘Tax.gz’, an…