AveMaria malware being distributed as spam mail

AveMaria is a RAT (Remote Administration Tool) malware with a remote control feature that receives commands from the C&C server and performs a variety of malicious behaviors. As shown in the weekly statistics below, it is not included in the Top 5, but it has consistently been taking up a

How AgentTesla Malware is Being Distributed in Korea

Since early this year, phishing emails containing a malicious PowerPoint file (*.PPT) have been reported. The ASEC analysis team has recently detected AgentTesla, a malware that is ultimately run via this attack method. In this report, our goal is to share information on this malware. In

Emotet is Back and Spamming Again!

Emotet is back after almost five months of absence. It disappeared in early February 2020 and came back recently in July to resume its phishing campaigns. AhnLab Security Emergency-response Center (ASEC) has confirmed the return of Emotet malware through its blog on July 22nd. Emotet is an infamous botnet that is

Distribution of Malicious Document File (XLS) Disguised as COVID-19 Predictions

While the battle against relentless waves of malware using the COVID-19 theme continues, the AhnLab ASEC analysis team discovered another attack disguised as ‘COVID-19 Predictions’ to deceive users into opening the email and the attached document file. It was distributed via a phishing email, and this email had a malicious Excel

Scam Alert: FormBook Malware Steals Incoming Mail

The ASEC (AhnLab Security Emergency response Center) analysis team has recently confirmed that FormBook is using new tactics to persuade users to download and execute malicious email attachments. According to ASEC’s weekly malware analysis report, FormBook was one of the most actively distributed malware families in East Asia during July. FormBook is

Distribution of Malicious Excel (XLS) Files Disguised as Court Decision Document: KONNI Group

AhnLab ASEC has gathered Excel files that leak user info using a malicious macro. The Excel file prompts the user to run the macro, and when the macro is run, it re-runs the Excel document that contains a court decision stating that the user ‘must pay a fine for abetting a breach on

Cryptocurrency Mining Malware Goes After Users Looking for Pirated Software

Recently, AhnLab warned users of cryptocurrency mining malware that is being distributed in the wild. Cryptocurrency mining malware, also known as CoinMiner malware, is going after users that are actively searching for pirated software. As a medium to spread the malware, the attacker created a phishing site that is searchable

Distribution of Avaddon Ransomware using RigEK in Korea (extension: *.avdn)

In early June, a new ransomware dubbed Avaddon was introduced in two articles (see links below). Since June 8, the amount of malware distributed using RigEK (Rig Exploit Kit) has increased exponentially in Korea, and Avaddon ransomware is also being distributed.

(June 7) sensorstechforum.com/avaddon-virus-remove/
(June 8) www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/

The following figure shows

Snake Ransomware Designed to Operate Only in Specific Business Environments

Snake ransomware, which targets specific companies, is currently being distributed. Although no cases have been found in Korea as of yet, Korean companies must be on guard, as it is targeting companies across nations such as Germany, Italy, Japan, etc. Snake is ransomware developed in the Go language. The number

Watch Out… Malware Disguised as Software Activation Tools are on the Loose!

AhnLab has recently identified malware being distributed in the wild disguised as a software activation tool. The malicious campaign targets users trying to get access to pirated software. The attacker distributed malicious executable files disguised as software activation tools. Examples of these tools include KMSAuto and KMSPico. It can