Malicious Word Document Disguised as Profile Template File for Summer Academic Conference Being Distributed

In June this year, the ASEC analysis team introduced a malicious Word document presumed to be a targeted attack. Recently, the team confirmed that malware of the same type is being distributed with new content. It was distributed through emails with the sender impersonating an admin of a summer academic conference

Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)

Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via the IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports that involve Magniber ransomware in Korea. As it is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial

ASEC Weekly Malware Statistics (June 7th, 2021 – June 13th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 7th, 2021 (Monday) to June 13th, 2021 (Sunday). For the main category, info-stealer ranked top with 67.7%, followed by RAT (Remote Administration

ASEC Weekly Malware Statistics (May 31st, 2021 – June 6th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 31st, 2021 (Monday) to June 6th, 2021 (Sunday). For the main category, info-stealer ranked top with 82.5%, followed by RAT (Remote Administration

Info-Stealer Malware Disguised as Illegal Pornography Being Distributed via Discord

The ASEC analysis team recently found info-stealing malware that is being distributed via the Discord messenger. The malware spread through Discord uses the Discord API to send the stolen information to the attacker. This Discord-based method was introduced on the ASEC blog before: https://asec.ahnlab.com/en/19343/ The Discord

ASEC Weekly Malware Statistics (May 24th, 2021 – May 30th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 24th, 2021 (Monday) to May 30th, 2021 (Sunday). For the main category, info-stealer ranked top with 79.4%, followed by RAT (Remote Administration

Attacker Distributing Malicious Word Document Written as Compensation Claim Form

A malicious Word document file written as a ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. Malware that used the identical document format was also discovered back in March, and the ASEC team published a post that analyzes the malware in

CryptBot Info-stealer Malware Being Distributed in Different Forms

CryptBot is info-stealer malware distributed through malicious sites disguised as download pages for utility programs. When users search for keywords such as names of certain programs, cracks, and serial numbers, the related distribution sites are exposed at the top of the search results page. Upon connecting to the page and clicking the

njRAT Being Distributed through Webhards and Torrents

njRAT is a RAT malware that can perform various malicious activities after receiving commands from the attacker. Because it provides various features such as file downloading, command execution, keylogging, and user account information extortion, it has been steadily used by attackers since the past. Also, since one can easily find

APT Attacks on Domestic Companies Using Library Files

Recently, there have been continuous attacks targeting domestic companies. Most of the malicious files collected from the companies’ breached systems have been dynamic library (DLL) files, but the files used in the attacks this time are different from general DLL files. The collected files had their normal libraries modified maliciously