Phishing Malware That Sends Stolen Information Using Telegram API

Last year, AhnLab SEcurity intelligence Center (ASEC) introduced phishing script files that used Telegram to leak user information [1]. Recently, several phishing scripts that use Telegram have been distributed indiscriminately, using keywords such as remittance and receipts. Unlike the phishing script files that were distributed in the early days, the latest

Kimsuky Group’s Spear Phishing Detected by AhnLab EDR (AppleSeed, AlphaSeed)

The Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014, and have expanded their attacks to other countries since 2017 [1]. The group has mainly

Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in January 2024

Statistics of Malware Targeting the Financial Sector

Top 10 Major Malware Targeting the Financial Sector

| Attack Phase | Malware Category | MD5 Hash |
| --- | --- | --- |
| Phase 1 | Phishing | F57FA515AFB84F034B5025CF597C2AB4 |
| Phase 1 | Phishing | 03267C03B3511FEFE59C54E582E7A7C9 |
| Phase 2 | Backdoor | 82D0F2A189262D9555D6DB9723645D07 |
| Phase 2 | Backdoor | 2F06DD4E6D4C72032CDE55C3D0E88FD3 |
| Phase 2 | Downloader | 87982F1F940CC4AD215CE2DD3FE45678 |
| Phase 2 | Dropper | 06AF7E3BD05111DA4DEBC5454B92ED0E |
| Phase 3 | | |

Analysis of Phishing Case Impersonating a Famous Korean Portal Login Page

AhnLab SEcurity intelligence Center (ASEC) has recently analyzed a phishing case in which a phishing page was disguised as the login page of a famous Korean portal website. ASEC then collected some information on the threat actor. The fake login page, which is believed to have been distributed in the

Statistical Report on Phishing Email in Q4 2023

Overview

AhnLab SEcurity intelligence Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the fourth quarter of 2023 (October, November, and December) and provide statistical information on each type. Generally,

Trend Report on Smishing – Q4 2023 Statistics and Analysis on Smishing Threats

01. Overview

AhnLab analyzes and responds to phishing messages detected based on machine-learning. This report provides an extensive analysis along with the statistics of smishing messages discovered during the fourth quarter of 2023. In the fourth quarter of 2023, there was an increase in specific types of attacks such as

Distribution of Phishing Email Under the Guise of Personal Data Leak (Konni)

AhnLab Security Emergency response Center (ASEC) recently identified the distribution of a malicious exe file disguised as material related to a personal data leak, targeting individual users. The final behavior of this malware could not be observed because the C2 was closed, but the malware is a backdoor that receives

Phishing PDF Files Downloading Malicious Packages

AhnLab Security Emergency response Center (ASEC) observed the distribution of PDF files that contain malicious URLs. The domains linked from the PDF files indicate that similar PDFs are being distributed under the guise of downloading certain games or crack versions of program files. Below is a list of some of

Phishing Script File Breaching User Information via Telegram Being Distributed

AhnLab Security Emergency response Center (ASEC) has recently identified multiple phishing script files, disguised as PDF document viewer screens, being distributed as attachments to emails. Some of the identified file names are listed below; keywords such as purchase order (PO), order, and receipt were used.  New