AppleSeed Disguised as Wi-Fi Router Firmware Installer Being Distributed

On May 26th, the ASEC analysis team discovered the distribution of AppleSeed disguised as a Wi-Fi router firmware installer. Previously discovered AppleSeed strains were mainly distributed by disguising themselves as normal document or image files. The dropper malware that creates AppleSeed either used script formats such as JS (JavaScript)

Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)

A new vulnerability named Follina (CVE-2022-30190) has been revealed. According to Microsoft, it is a remote code execution vulnerability that occurs when the URL protocol is used to call MSDT in calling applications such as Microsoft Word. With the privileges of the calling application, attackers can run arbitrary code, install additional

ASEC Weekly Malware Statistics (May 16th, 2022 – May 22nd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 16th, 2022 (Monday) to May 22nd, 2022 (Sunday). For the main category, info-stealer ranked top with 71.8%, followed by RAT (Remote Administration

NSIS Installer Malware Included with Various Malicious Files

The ASEC analysis team recently discovered attackers distributing multiple malicious files with NSIS installers. NSIS (Nullsoft Scriptable Install System) is normally used to create installers for certain programs. It can also be used to create malware strains, as it is script-based and thus produces NSIS installers of nearly identical form.

ASEC Weekly Malware Statistics (May 9th, 2022 – May 15th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 9th, 2022 (Monday) to May 15th, 2022 (Sunday). For the main category, info-stealer ranked top with 79.4%, followed by RAT (Remote Administration

AgentTesla Being Distributed Through Windows Help File (*.chm)

The ASEC analysis team recently discovered AgentTesla being distributed with a new method. Previously, AgentTesla, which has been discussed in multiple ASEC blog posts, was distributed by a malicious VBA macro inside PowerPoint files (*.ppt). However, the new method uses Windows Help files (*.chm) to run PowerShell commands. AgentTesla Being Distributed via More

Why Remediation Alone Is Not Enough When Infected by Malware

In January 2022, a prominent Korean company in the manufacturing industry had many of its internal systems infected by the Darkside ransomware. As the ransomware was found to be distributed using the AD group policy, AhnLab attempted to conduct a DC server forensic analysis. However, as the virtual environment operating

XLL Malware Distributed Through Email

Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered being distributed last year. XLL files are Microsoft Excel

Method that Tricks Users to Perceive Attachment of PDF File as Safe File

The ASEC analysis team has discovered the distribution of info-stealer malware using the Attachment feature of PDF files. This attack method was discovered previously, but as malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used

Kimsuky’s Attack Attempts Disguised as Press Releases of Various Topics

The ASEC analysis team has discovered that a malware strain disguised as press releases is being distributed. When this malware is run, it loads a normal document file and attempts to access malicious URLs. If the access is successful, the script on the webpage is run. It appears the