Malware Information

ASEC Weekly Malware Statistics (February 21st, 2022 – February 27th, 2022)

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from February 21st, 2022 (Monday) to February 27th, 2022 (Sunday). By main category, infostealers ranked first with 77.9%, followed by RAT (Remote Administration Tool) malware with 15%, downloaders with 2.9%, ransomware with 2.1%, banking malware with 1.7%, and backdoors with 0.4%.

Top 1 – Formbook

Formbook is an infostealer malware that ranked first place with…

Magniber Disguised as Normal Windows Installer (MSI) Being Redistributed (February 22nd)

On the morning of February 22nd, the ASEC analysis team discovered the redistribution of Magniber, now disguised as a normal Windows Installer (MSI) instead of the previous Windows app (APPX). The distributed Magniber files have MSI as their extension and are disguised as Windows update files.

– Critical.Update.Win10.0-kb4215776.msi
– Critical.Update.Win10.0-kb6253668.msi
– Critical.Update.Win10.0-kb5946410.msi

MSI package files are install frameworks that are also used for normal Windows updates. The malware was distributed by including the Magniber ransomware DLL within the MSI package file. By default, MSI…

Change in Distribution Method of Malware Disguised as Estimate (VBS Script)

Last year, the ASEC analysis team discovered the distribution of Formbook that used a certain company’s name in its filename. Recently, the team has discovered that it is being distributed via a VBS file. The email used for distribution still contains details about a request for an estimate, and by using a certain company’s name in the attachment, it prompts the user to execute it. The compressed file attached to the email does not contain an executable but a VBS…

CoinMiner Being Distributed to Vulnerable MS-SQL Servers

The ASEC analysis team is constantly monitoring malware distributed to vulnerable MS-SQL servers. The previous blogs explained the distribution cases of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks are CoinMiners.

– [ASEC Blog] Remcos RAT Being Distributed to Vulnerable MS-SQL Servers
– [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers
– [ASEC Blog] Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers (2)

This blog will explain a specific form of CoinMiner that has been consistently distributed since last…

New Infostealer ‘ColdStealer’ Being Distributed

The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous ASEC blog posts. There are two cases for this type of malware distribution:

1. Distributing a single type of malware such as CryptBot or RedLine
2. Dropper-type malware decompressing and executing various internal malware strains

ColdStealer was distributed with the…