APT Attacks Using PDF Files, Possibly by North Korea Related Group
Targeted attacks using PDF files have been confirmed, and a group related to North Korea appears to be behind them. While the attack group is thought to be either Kimsuky or Thallium, it might be another group that mimicked those two. The related information was already reported in the
APT Attacks on Domestic Companies Using Library Files
Recently, there have been continuous attacks targeting domestic companies. Most of the malicious files collected from the companies’ breached systems have been dynamic library (DLL) files, but the files used in the attacks this time are different from general DLL files. The collected files had their normal libraries modified maliciously
CoinMiner’s Attempt to Bypass AMSI by V3 Memory Scan
The ASEC analysis team confirmed the distribution of CoinMiner that can disable the AMSI detection feature. Added in Windows 10, AMSI is a feature supported by Microsoft that allows applications and services to be linked with anti-malware software to detect malware. Currently, V3 Lite 4.0 and V3 365 Clinic 4.0
HawkEye Keylogger Being Distributed via Spam Mails
HawkEye keylogger is an info-stealing malware that is mainly distributed via spam mails. Although AgentTesla, Formbook, and Lokibot are currently the most distributed info-stealing malware, HawkEye used to match these types of malware in terms of mass distribution until recently. Despite the recent plummet in distribution, HawkEye malware has been
Vidar Info-Stealer Abusing Game Platform
The ASEC analysis team has recently found that the Vidar info-stealer malware is abusing a game matching program named Faceit to create its C&C server URL. Vidar is malware that has long been steadily distributed disguised as spam mail, PUP, and the KMSAuto authentication tool. Before it performs info-stealing
Hancitor Word Document Installing CobaltStrike Hacking Tool in AD Environment
Hancitor is a downloader malware distributed through spam mails, and it has been steadily distributed since 2016. Recently, a type that installs CobaltStrike through additional payloads is being distributed, so users must take caution. The malware is distributed via attachment files or download links in spam mail and it usually
Analysis of Info-Leaking Feature of Info-Stealer Malware Vidar
Vidar is an info-stealer malware with the feature of leaking personal information. Although it is not included in the Top 5 of the weekly statistics shown below, it has constantly been included in the statistics. And considering the fact that it used to be included in the Top 5 for some
Lokibot is at it Again, This Time Spreading via Purchase Order
Lokibot malware has been around for several years, being distributed via phishing campaigns that include malicious email attachments or embedded URLs. Since its discovery in 2016, it has been used by various cybercriminals to create backdoors into Windows machines. In the recent attacks, Lokibot was found being distributed via
[Caution] Distribution of WastedLocker Ransomware Targeting Specific Companies
On July 23, smartwatch & wearable manufacturer ‘Garmin’ was attacked by ransomware named WastedLocker, resulting in the cessation of its services and production line. The developer of this ransomware is a Russian cybercrime group that goes by the name of ‘Evil Corp’ and it is assumed that after launching an APT attack,
njRAT Malware Distributed via Major Korean Webhard
njRAT is a RAT malware that steals users’ personal information and runs commands received from the attacker. This malware is constantly being distributed to users in Korea. Upon analyzing the detection log, AhnLab ASEC team discovered that njRAT is mostly distributed via Webhard and torrent websites, disguised as ordinary

