Increase of Malware Signed with Valid Digital Certificate
Code signing is the process of signing a file with a digital signature based on the applicant's identity information, to enhance trust and secure the file's integrity. The file creator obtains a digital certificate from a Certificate Authority (CA) and signs the file with that certificate. Since the code-signed file is certified by
Preemptive Defense Measures against Fileless Magniber Ransomware (V3 Behavior Detection)
After the distribution of the Magniber recovery tools developed by AhnLab Analysis Team in 2018, Magniber was transformed into a fileless format, disabling any kind of recovery. To encrypt files successfully, this fileless Magniber has evolved to bypass behavior detection and inject indiscriminately into unspecified processes that have privileges on
BlueCrab: The Successor of GandCrab with Different Execution Method Depending on Use of V3Lite
The newly emerged BlueCrab ransomware is distributed in various ways, similar to GandCrab. Its distribution methods include phishing emails with a malicious document attached and phishing utility download pages. AhnLab ASEC has been monitoring the distribution of JavaScript code disguised as a utility program. When the JavaScript file (.js) downloaded from the phishing utility
Distribution and Operation of Malware ‘Crypter’ Exploiting Spam Mail
Spam mail attacks that distribute malware through attached document or archive files have been one of the most popular methods among malware operators. AhnLab ASEC Analysis Team analyzed spam mails received from a number of customers and confirmed that the majority of files downloaded by malicious documents attached to the
CoinMiner Infecting MBR is Distributed in Korea (DarkCloud Bootkit)
In February 2019, AhnLab ASEC discovered the spread of CoinMiner malware that disables both domestic and foreign security products and manipulates the MBR (Master Boot Record) of the infected system. This type of malware is known overseas as “DarkCloud Bootkit”. Unlike existing CoinMiner malware, it is equipped with features for infecting the MBR and
[Warning] ‘Amadey’ Malware Targeting Korean Cryptocurrency Companies
Recently, AhnLab ASEC has confirmed a number of ‘Amadey’ malware attacks targeting Korean cryptocurrency companies. The attacks use various email attachments such as DOC, RTF, VBS, and EXE files. The following are the names of the document files and executable files discovered in the attack (*English translations are provided for Korean file names):
Does Operation ShadowHammer Only Target ASUS Certificate?
On March 25, 2019, Kaspersky Lab reported that ASUS’s software update server had been compromised, causing the spread of malware carrying valid certificates. Kaspersky Lab named the attack “Operation ShadowHammer”. The security vendor delivered the relevant information to ASUS on January 31, 2019, and the initial attack is speculated to have
Shadow of WannaCry, 2019 SMB Exploitation
WannaCry (or WannaCryptor), which infected more than 300,000 systems in May 2017 and gripped the whole world in fear, spread rapidly by exploiting a Windows SMB security vulnerability (MS17-010). Caution is still required, because the recently discovered malware is a CoinMiner, a type of malware that mines cryptocurrency. This report details
Malware Installed with Coin Wallet Program Alibaba
ASEC recently discovered information-leaking malware installed along with the Alibaba coin (ABBC Coin) wallet program. When the ABBCCoin program is run, the coin wallet program is installed in the AppData\Roaming folder, and malware named sys.exe with a downloader feature is dropped and run. Figure 1. ABBCCoin wallet program. The
Hacking Tool Ammyy Targets Corporate Users and Installs on Their PCs (Ransomware CLOP)
Recently, there have been widespread phishing emails impersonating a particular national organization. The Excel document file (e.g. certificate.xls, inquiry.xls) attached to the email contains a malicious macro. During its malware monitoring process, AhnLab ASEC detected a code change indicating that the malware began targeting corporations. From the fact that the