Others

Malicious Word File Disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’

The ASEC analysis team discovered a malicious Word document disguised as ‘Purchase and Sales Agreement for Export-bound Gold Bars’ and would like to inform readers about it through this post. Judging by the title and body text of the original document on which the distributed document is based, it appears that the original was created in the past and was recently distributed following a revision. Document Title: 1MT Business Terms-20140428.doc Document Information: Last Printed Date – April 20th, 2014 Last Modified…

ASEC Weekly Malware Statistics (May 31st, 2021 – June 6th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 31st, 2021 (Monday) to June 6th, 2021 (Sunday). For the main category, info-stealer ranked top with 82.5%, followed by RAT (Remote Administration Tool) malware with 16.0%, and downloader with 1.5%. Banking malware and ransomware were excluded due to a decrease in the number of cases. Top 1 – AgentTesla AgentTesla was ranked first place…

Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability

The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of ASEC Blog are well aware of the fact that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse chase. This time, the distributor of Magniber waited for the anniversary day of AhnLab (March 15th), which is also a traditional holiday for AhnLab. On this day, the distributor swiftly…

Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer)

The ASEC analysis team has confirmed that malware disguised as a resume is still being distributed. This time, it is disguised as resume and copyright-related files. The file that is being recently distributed also takes the form of NSIS (Nullsoft Scriptable Install System) and is being distributed under various filenames as translated below. Outline on the original image (the image I created) and the image you are currently using.exe You have violated copyright laws and here is the summary of…

Received Estimate/Purchase Order Email? Take Caution When Opening Them!

With the start of 2021, malicious emails disguised as business emails are being discovered as numerous companies have started their business. Thus, users must remain vigilant when opening emails. The discovered attacks used emails disguised as business-related content, such as ‘estimate request’ or ‘purchase orders,’ with malicious files attached. Upon running the attachment file, the user either gets directed to a phishing site that requires account information, or gets infected with info theft malware. In January and February this year, ASEC has discovered numerous cases of emails disguised as ‘estimate request’ or ‘purchase order’ that attempt to steal users’ info. The email was written in quite fluent Korean, and it had the phrase ‘Please check the attached file.’ written in…