Attack Technique that Utilizes the Differences Between the Extraction Methods of Each Compressor (Prompting Use of WinRAR)
On March 23, the ASEC analysis team found abnormal malicious archive files being distributed via e-mail. The attachment carries a ZIP extension, but it prompts the user to extract it with a specific decompressor through the message "Use Winrar." Distributing archived malware via email is a
Cyberattacks Exploiting COVID-19 Continue…
As health care workers battle the COVID-19 pandemic on the front line to keep people safe, security professionals continue to combat coronavirus-related malware to secure the cyber world. Government and health officials have been publishing guidelines to prevent the virus, and it comes as no surprise that hackers have been
Distribution of Excel File with Malicious Macro Hidden ‘Deeper’ – very hidden
By AhnLab ASEC Analysis Team, March 11, 2020. An Excel file that uses a new method to hide a malicious macro has been discovered. The file uses an Excel 4.0 (XLM) macro sheet and took a departure
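The "very hidden" state the title refers to is the sheet visibility Excel exposes only through VBA or the file itself, with no Unhide button in the UI. The following triage script is an added example, not code from the ASEC post: it builds a constructed minimal OOXML workbook package containing one ordinary worksheet and one XLM macro sheet marked veryHidden, then walks workbook.xml and its relationships to flag any macro sheet a user could not unhide. The OOXML (.xlsm) layout, the sample sheet names and the relationship URIs used to recognise macro sheets are assumptions; the ASEC sample itself may be in the legacy binary .xls format, which this script does not parse.

```python
# Added example, not from the ASEC post: flag Excel 4.0 (XLM) macro sheets
# whose sheet state is "veryHidden" in an OOXML (.xlsm) workbook. The post's
# sample may be the legacy .xls binary format; the OOXML layout here is an
# assumption chosen because the standard library can parse it offline.
import io
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
MACROSHEET_REL = "http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"
WORKSHEET_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet"


def build_sample_workbook() -> bytes:
    """Constructed minimal workbook package (not a real sample): one ordinary
    worksheet plus one XLM macro sheet with state="veryHidden"."""
    workbook_xml = (
        f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}"><sheets>'
        '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
        '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        '</sheets></workbook>'
    )
    rels_xml = (
        f'<Relationships xmlns="{NS_PKG}">'
        f'<Relationship Id="rId1" Type="{WORKSHEET_REL}" Target="worksheets/sheet1.xml"/>'
        f'<Relationship Id="rId2" Type="{MACROSHEET_REL}" Target="macrosheets/sheet1.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("xl/workbook.xml", workbook_xml)
        z.writestr("xl/_rels/workbook.xml.rels", rels_xml)
        z.writestr("xl/worksheets/sheet1.xml", f'<worksheet xmlns="{NS_MAIN}"/>')
        z.writestr("xl/macrosheets/sheet1.xml", f'<macrosheet xmlns="{NS_MAIN}"/>')
    return buf.getvalue()


def scan_workbook(data: bytes) -> list:
    """Return one record per sheet: name, visibility state, whether the sheet
    part is an XLM macro sheet, and a verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
    # Map each relationship id to its part type so we can tell macro sheets
    # apart from ordinary worksheets without opening every sheet part.
    rel_type = {r.get("Id"): r.get("Type")
                for r in rels.iter(f"{{{NS_PKG}}}Relationship")}
    findings = []
    for sheet in wb.iter(f"{{{NS_MAIN}}}sheet"):
        rid = sheet.get(f"{{{NS_REL}}}id")
        is_macro = rel_type.get(rid) == MACROSHEET_REL
        state = sheet.get("state", "visible")  # absent attribute means visible
        findings.append({
            "name": sheet.get("name"),
            "state": state,
            "macrosheet": is_macro,
            # A macro sheet the user cannot see, let alone unhide, is the
            # combination worth escalating.
            "suspicious": is_macro and state in ("hidden", "veryHidden"),
        })
    return findings


if __name__ == "__main__":
    for f in scan_workbook(build_sample_workbook()):
        print(f)
```

Run against a real file by replacing build_sample_workbook() with the bytes of the suspect workbook; a veryHidden sheet whose relationship type is the macrosheet URI is exactly the pattern the ASEC title describes.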
Distribution of Bisonal Malware Disguised as Emergency Contacts of Shincheonji Church of Jesus (March 5, 2020)
The ASEC analysis team found malware being distributed in Korea disguised as Shincheonji-related material. On the surface, the filenames of the distributed files appear to be .xlsx (Excel) or .ppt (PowerPoint) document files, but that is due to the RLO (Right to Left Override) method,
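RLO works because the U+202E control character tells a bidirectional text renderer to draw everything after it right to left, so a real extension such as .exe can be shown as a harmless-looking .xlsx while the filesystem and the loader still see the executable. The script below is an added example, not code from the ASEC post: it strips bidi control characters to recover the extension the OS will actually use, approximates what the user sees, and flags the mismatch. The sample filename is constructed for illustration and is not the name used in the campaign.

```python
# Added example, not from the ASEC post: detect Right-to-Left Override
# (U+202E) abuse in filenames and recover the extension the OS will use.
RLO = "\u202e"
# Unicode bidi embedding/override/isolate controls; none belong in a filename.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
# Extensions Windows will execute directly; a benign-looking document name
# that really ends in one of these is the RLO pattern.
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "hta", "lnk", "msi"}


def effective_name(name: str) -> str:
    """What the filesystem stores: the name with all bidi controls removed.
    The loader picks the extension from this string, not the rendered one."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def displayed_name(name: str) -> str:
    """Approximate a naive renderer: text after the first RLO is reversed."""
    if RLO not in name:
        return name
    head, _, tail = name.partition(RLO)
    return head + tail[::-1]


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_filename(name: str) -> dict:
    """Report the real vs. displayed extension and a verdict."""
    real = effective_name(name)
    shown = displayed_name(name)
    real_ext, shown_ext = _extension(real), _extension(shown)
    return {
        "has_bidi_control": any(ch in BIDI_CONTROLS for ch in name),
        "displayed": shown,
        "real_extension": real_ext,
        "displayed_extension": shown_ext,
        "suspicious": real_ext != shown_ext and real_ext in EXEC_EXTENSIONS,
    }


if __name__ == "__main__":
    # Constructed sample: appears as "contactsexe.xlsx", is really "contactsxslx.exe".
    print(check_filename("contacts" + RLO + "xslx.exe"))
    print(check_filename("report.xlsx"))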
Distribution of Info Leaking Malware Disguised as Quotation (Using Google Drive)
On March 4, the ASEC analysis team confirmed the distribution of info-stealing (keylogging) malware disguised as a quotation. The address from which the secondary malware is downloaded is on Google Drive (https://drive.google.com), a service many people use, so the download is disguised as benign traffic. It was discovered
New Ransomware Installed using Fake Windows Update Screen Found in Korea (*.rezm Extension)
On March 2, 2020, the ASEC analysis team discovered a new ransomware that is installed behind a fake Windows Update screen. This ransomware is distributed with the same packer used by the ransomware known as Bluecrab, Nemty, or Paradise, and it appends the .rezm extension to encrypted files. Upon running the
The Evolution of Magniber Ransomware
Recent Changes in Magniber Ransomware. Magniber is one of the best-known fileless malware families distributed via the Magnitude Exploit Kit. It commonly exploits web browser vulnerabilities, such as Internet Explorer (IE) vulnerabilities. Magniber underwent sudden changes between September 2019 and February 2020. During September
New Dynamic Bypass Technique Working in Certain Environments Only
While monitoring malware being actively distributed, the ASEC analysis team discovered a new dynamic-analysis bypass technique. To avoid detection, much of the malware being distributed first checks its execution environment and, if the environment matches a certain condition, crashes instead of activating. The technique introduced in this blog
Behavior Detection on Fileless BlueKeep Vulnerability
On May 14, 2019, Microsoft announced an emergency security update patching the BlueKeep (CVE-2019-0708) vulnerability. The company also provided unprecedented updates for discontinued OS versions (Windows XP, Windows Vista, Windows Server 2003) and warned that BlueKeep could be exploited as a 'wormable' vulnerability, just like EternalBlue in 2017. BlueKeep
NEMTY Ransomware v2.2 Spotted in Korea
On December 2, 2019, the ASEC Analysis Team spotted a new NEMTY ransomware version 2.2, updated from v2.0, being distributed in Korea. All the characteristics of the new version are covered, including the distribution method (disguised as a 'resume' or a 'notice on illegal breach of the e-commerce act'), excluded countries, infection targets, and excluded files and folders.