Malware Information

APT Attacks Using Word File Disguised as Donation Receipts for Uljin Wildfire (Kimsuky)

At the beginning of March this year, a wildfire broke out in the Samcheok and Uljin area, and numerous people from all over Korea donated to help the victims and repair the damage. Amid this situation, the ASEC analysis team discovered an attacker’s attempt to launch APT attacks disguised as donation receipts for the Uljin wildfire. The file was created on March 28th, and its author’s name is the same as the author (Acer) that was introduced in the…

APT Attack Disguised as Resume Template for North Korean Defectors (VBS Script)

The ASEC analysis team has recently discovered that a malicious info-leaking VBS is being distributed via phishing email disguised as North Korea-related material. The email is about casting calls for a North Korea-related broadcast, and a compressed file is attached to it. It asks the readers to fill out the resume, prompting them to run the file. The compressed file contains a malicious VBS script file. The activities of ‘2022 Resume Template.vbs’ are as follows: collects and sends information; creates…

ASEC Weekly Malware Statistics (March 21st, 2022 – March 27th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 21st, 2022 (Monday) to March 27th, 2022 (Sunday). For the main category, info-stealer ranked top with 75.4%, followed by RAT (Remote Administration Tool) with 16.7%, downloader with 4.8%, banking malware with 2.4%, and ransomware with 0.8%. Top 1 – AgentTesla: AgentTesla ranked first place with 25.4%. It is an info-stealer that leaks user credentials…

Malicious Word File Targeting Corporate Users Being Distributed

The ASEC analysis team discovered a Word file that seems to target corporate users. The file contains an image that prompts users to enable macros like other malicious files. To trick users into thinking that this is an innocuous file, it shows information related to improving Google account security when the macro is run. Ultimately, it downloads additional malware files and leaks user information. When the file is run, it shows a warning image that mentions ‘file created in public…

ASEC Weekly Malware Statistics (March 14th, 2022 – March 20th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 14th, 2022 (Monday) to March 20th, 2022 (Sunday). For the main category, info-stealer ranked top with 70.0%, followed by RAT (Remote Administration Tool) with 19.8%, downloader with 5.7%, banking malware with 3.6%, CoinMiner with 0.4%, and backdoor with 0.4%. Top 1 – Formbook: Formbook ranked first place with 26.3%. Like other info-stealers, it is…