Guide to Prevent Execution of Excel 4.0 Macro Malware – Microsoft Office 365 Product
Excel 4.0 macro (XLM) malware is an attack method that uses Microsoft Office Excel files, and it has become established as the new document malware trend following VBA (Visual Basic for Applications). Excel 4.0 macro malware uses the ‘macro sheet’ feature in Excel. Each cell in the Excel sheet is composed
ASEC Weekly Phishing Email Threat Trends (December 18th, 2022 – December 24th, 2022)
The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from December 18th, 2022 to December 24th, 2022 and provide statistical information on each type. Generally, phishing is
Distribution of NetSupport RAT Malware Disguised as a Pokemon Game
NetSupport Manager is a remote control tool that can be installed and used by ordinary or corporate users for the purpose of remotely controlling systems. However, it is being abused by many threat actors because it allows external control over specific systems. Unlike backdoors and RATs (Remote Access Trojans), which
Distribution of Redline Stealer Disguised as Software Crack
In the previous blog post, the AhnLab ASEC analysis team mentioned malware that is found through searches for keywords such as cracks and serials of commercial software, urging users to exercise caution. Various Types of Threats Disguised as Software Download Being Distributed While investigating a recent breach case of the internal
Case of Infection With Lockis Ransomware in a Company, Caused by Not Using Anti-Malware’s Lock Policy
Around November, one of AhnLab’s clients suffered an infection from the Lockis ransomware to several of their servers. As the targeted company suffered a malware infection despite the fact it was using the anti-malware program V3, AhnLab A-FIRST conducted a forensic analysis to find out the cause of infection. As
Hacking Tool Used With Lockis Ransomware
AhnLab A-FIRST conducted a forensic analysis of the damaged system infected with Lockis ransomware around November. Lockis ransomware is a variant of GlobeImposter ransomware that the Russian attack group TA505 uses, and it first appeared on September 16th. The number of variants of the GlobeImposter ransomware has constantly been increasing
Shc Linux Malware Installing CoinMiner
The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various types of malware were installed on the target system. Among those installed were the Shc downloader,
ASEC Weekly Malware Statistics (December 12th, 2022 – December 18th, 2022)
The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 12th, 2022 (Monday) to December 18th, 2022 (Sunday). For the main category, downloader ranked top with 61.9%, followed by Infostealer with 24.7%, backdoor
How Infostealer Threat Actors Make a Profit
Infostealer is a type of information-stealing malware with the goal of stealing user credentials such as the user account information, cryptocurrency wallet address, and files that are saved in programs such as web browsers and email clients. According to the ASEC report for Q3 2022, Infostealers make up more than
ASEC Weekly Phishing Email Threat Trends (December 11th, 2022 – December 17th, 2022)
The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from December 11th, 2022 to December 17th, 2022 and provide statistical information on each type. Generally, phishing is

