Malware Information

Malicious Word File Targeting Corporate Users Being Distributed

The ASEC analysis team discovered a Word file that seems to target corporate users. The file contains an image that prompts users to enable macros like other malicious files. To trick users into thinking that this is an innocuous file, it shows information related to improving Google account security when the macro is run. Ultimately, it downloads additional malware files and leaks user information. When the file is run, it shows a warning image that mentions ‘file created in public…

ASEC Weekly Malware Statistics (March 14th, 2022 – March 20th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 14th, 2022 (Monday) to March 20th, 2022 (Sunday). For the main category, info-stealers ranked top with 70.0%, followed by RAT (Remote Administration Tool) with 19.8%, downloader with 5.7%, banking malware with 3.6%, CoinMiner with 0.4%, and backdoor with 0.4%. Top 1 – Formbook: Formbook ranked first place with 26.3%. Like other info-stealers, it is…

VBS Script Disguised as PDF File Being Distributed (Kimsuky)

On March 23rd, the ASEC analysis team discovered APT attacks launched by an attack group presumed to be Kimsuky, targeting certain Korean companies. When the script file with the VBS extension is run, the malware opens an innocuous PDF file embedded within it to trick the user into thinking that they opened a harmless document, and uses a malicious DLL file to leak information. Taking the PDF file into consideration, it seems the attacker is targeting precise-refinement industries….

BitRAT Disguised as Office Installer Being Distributed

The ASEC analysis team previously uploaded a post about BitRAT that was distributed under the disguise of a Windows OS license verification tool. BitRAT is now being distributed as an Office installer with different files, preying upon potential victims. The following image shows a post that contains the malware. It is titled, [New][Cheap]Office 2021 Installer + Permanent License Verification. The downloaded file is a compressed file named ‘Program.zip’, just like the one introduced in the previous blog post (see Figure 3…

APT Attack Using Word Files About Cryptocurrency (Kimsuky)

On March 21st, the ASEC analysis team discovered the Kimsuky group’s APT attacks that use Word files containing information about cryptocurrency. A total of three Word files used as bait for the attacks were discovered. The macro’s author and its execution flow are identical to those introduced in the ASEC blog post uploaded on March 17th (Title: Malicious Word Files Disguised as Product Introduction). It appears that all three files are properly created Word files…