Malware Information

Word Document Attack Targeting Companies Specialized in Carbon Emissions

On March 18th, the ASEC analysis team discovered a document-borne APT attack targeting companies specialized in carbon emissions. According to logs collected from AhnLab’s ASD (AhnLab Smart Defense), the user of the infected PC appears to have downloaded a malicious Word document titled “**** Carbon Credit Institution.doc” through a web browser. While the malicious document could not be secured, it is likely that its internal macro code runs wscript.exe. The confirmed execution argument for wscript.exe is as follows: wscript.exe %AppData%\Microsoft\Templates\version.ini…

Distribution of ClipBanker Disguised as Malware Creation Tool

The ASEC analysis team has recently discovered ClipBanker being distributed disguised as a malware creation tool. ClipBanker is malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes it to the address designated by the attacker. This type of malware has been distributed continuously for some time. The website that distributes ClipBanker is called ‘Russia black hat’ as shown below. It has various programs related to…

APT Attack Being Distributed as Windows Help File (*.chm)

The ASEC analysis team has recently discovered the distribution of malware disguised as a Windows Help File (*.chm), specifically targeting Korean users. The CHM file is a compiled HTML Help file that is executed via the Microsoft® HTML help executable program. The recently discovered CHM file downloads additional malicious files when run. A window that contains ordinary content is shown during this process, tricking the user into thinking that the file may not be malicious. The malware is compressed and…

BitRAT Disguised as Windows Product Key Verification Tool Being Distributed

The ASEC analysis team has recently discovered BitRAT being distributed via webhards. Because the attacker disguised the malware as a Windows 10 license verification tool from the development stage, users who download illegal crack tools from a webhard and install them to verify their Windows license are at risk of having BitRAT installed on their PC. The following shows a post uploaded to a webhard that harbors the malware. The title is [New][Quick Install]Windows License Verification[One-click]. A compressed file…

ASEC Weekly Malware Statistics (March 7th, 2022 – March 13th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 7th, 2022 (Monday) to March 13th, 2022 (Sunday). For the main category, info-stealer ranked top with 71.2%, followed by RAT (Remote Administration Tool) with 12.4%, downloader with 6.8%, banking malware with 5.9%, ransomware with 2.7%, and backdoor with 0.3%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 29.4%….