March 31, 2025


Remcos RAT Malware Disguised as Major Carrier’s Waybill


AhnLab SEcurity intelligence Center (ASEC) has recently discovered the Remcos malware disguised as a waybill from a major shipping company. This article details the distribution flow from HTML, JavaScript, and AutoIt scripts leading to the execution of the final Remcos malware. Figure 1 shows the original email with

March 30, 2025


March 29, 2025


March 28, 2025


Mobile Security & Malware Issue 4th Week of March, 2025


ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of March, 2025”

Phishing Emails Impersonating the National Tax Service (NTS)


AhnLab SEcurity intelligence Center (ASEC) has recently identified phishing emails impersonating the tax authority in Korea called National Tax Service (NTS, also known as Hometax). The email body is disguised as the contents of an electronic tax invoice, and the recipient is asked to open the attached HTML file for

SVG Phishing Malware Being Distributed with Analysis Obstruction Feature


AhnLab SEcurity intelligence Center (ASEC) recently identified a phishing malware being distributed in Scalable Vector Graphics (SVG) format. SVG is an XML-based vector image file format commonly used for icons, logos, charts, and graphs, and it allows the use of CSS and JS scripts within the code. In November 2024,

Google Chrome Browser (134.0.6998.177/.178) Security Update Advisory


Overview: Google has released an update to address a vulnerability in the Chrome (https://www.google.com/chrome) browser. Users of affected versions are advised to update to the latest version. Affected Products: Chrome versions 134.0.6998.177/.178 and earlier (Windows). Resolved Vulnerabilities: A high-level unspecified circumstance in the Mojo on Windows

Mark of the Web (MoTW) Bypass Vulnerability


Overview: Mark of the Web (MoTW) is a Windows feature that identifies files downloaded from the Internet, displays a security warning, and restricts those files so that they run only with a warning message or in a protected mode. However, threat actors have been bypassing Mark of the Web