Malicious Word Document Impersonating U.S. Investment Bank (External Connection + VBA Macro)

The ASEC analysis team continually reports on the distribution of malicious documents disguised as materials related to North Korea or public institutions. In this post, the team will introduce a malicious DOC (Word) document impersonating a U.S. investment bank. See [Figure 1] for more details. The .doc document operates in

Info-leaking Malware Distributed Through Google Keyword Search

The ASEC analysis team has previously dealt with BeamWinHTTP malware being distributed through adware and PUP programs. When users install cracks and keygens by downloading the installers from the phishing page, various PUP programs and BeamWinHTTP malware are installed together. BeamWinHTTP additionally installs info-leaking malware (info-stealers). When users search with

Makop Ransomware Distributed As Copyright Violation Related Materials

The ASEC analysis team has recently shared information about the distribution of Makop ransomware disguised as job applications. This week, the team confirmed that the ransomware is being distributed via e-mails that contain materials related to copyright violation. Unlike the last time, the compressed file is attached with the .dat

Cobalt Strike Targeting Korean Companies Being Distributed (Part 2)

The ASEC analysis team is monitoring attacks that utilize the Cobalt Strike hacking tool. In this article, the team will examine the latest Cobalt Strike attacks, which were confirmed after the publication of the previous article that introduced the Cobalt Strike hacking tool. An attack confirmed on April 23 revealed

Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward

The ASEC analysis team has confirmed the distribution of a malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in the Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Figure 1. Phishing e-mail targeting Ukrainian

Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate

The ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog reveals that Lokibot has consistently remained high on the weekly

[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!

The ASEC analysis team has recently discovered ransomware disguised as a job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The

Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection

The distribution of RTF vulnerability (CVE-2017-11882) malware that uses the external connection of an MS Office Word document has been found. Employees must be on the lookout, as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using

Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)

Starting from March 2021, Magniber ransomware, which operates in a fileless form, has used a script that exploits the CVE-2021-26411 vulnerability instead of the CVE-2020-0968 vulnerability. There are still numerous damage reports that involve Magniber ransomware in Korea, and as the malware is being distributed via an IE vulnerability (CVE-2021-26411), it is

Snake Keylogger Being Distributed via Spam E-mails

Recently, there has been an exponential increase in the distribution of Snake Keylogger via spam e-mails. Snake Keylogger is info-leaking malware developed with .NET, and as seen from the weekly statistics below, it has recently made its way into the Top 5 malware consecutively. Latest ASEC