APT Attacks on Domestic Companies Using Library Files

Recently, there have been continuous attacks targeting domestic companies. Most of the malicious files collected from the companies’ breached systems have been dynamic-link library (DLL) files, but the files used in these attacks differ from ordinary DLL files: the collected files were legitimate libraries that had been maliciously modified through a variety of methods. It has not yet been determined how the malicious files were placed on the systems or what the initial attack path was. Also, due to the…

Malware Disguised as Food Delivery App Being Distributed

On May 10, the ASEC analysis team confirmed that an attacker has been distributing malware disguised as a food delivery app, timed to the recent surge in food delivery orders due to COVID-19. I’d like to order app.zip (name of the compressed file) I’d like to order app\marketing.docx (XML External document malware within the compressed file) I’d like to order app\changes.docx (XML External document malware within the compressed file) (The filename used in the discovered malicious zip file…

ASEC Weekly Malware Statistics (May 17th, 2021 – May 23rd, 2021)

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from May 17th, 2021 (Monday) to May 23rd, 2021 (Sunday). For the main category, info-stealer ranked top with 75%, followed by RAT (Remote Administration Tool) malware with 19.3%, downloader with 3.6%, and ransomware with 2.1%. Top 1 – AgentTesla AgentTesla was ranked first with 27.9%. It is an info-stealer malware that leaks user…

CoinMiner’s Attempt to Bypass AMSI by V3 Memory Scan

The ASEC analysis team confirmed the distribution of a CoinMiner that can disable the AMSI detection feature. Added in Windows 10, AMSI is a Microsoft interface that allows applications and services to integrate with anti-malware software to detect malware. Currently, V3 Lite 4.0 and V3 365 Clinic 4.0 use the AMSI feature to respond to various types of malware, including BlueCrab ransomware. The CoinMiner that can disable AMSI is being distributed in fileless form utilizing the…

ASEC Weekly Malware Statistics (May 10th, 2021 – May 16th, 2021)

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from May 10th, 2021 (Monday) to May 16th, 2021 (Sunday). For the main category, info-stealer ranked top with 71.2%, followed by RAT (Remote Administration Tool) malware with 19.9%, CoinMiner with 3.7%, ransomware with 2.8%, and downloader with 2.0%. Backdoor and banking malware each accounted for 0.2%. Top 1 – AgentTesla AgentTesla was ranked first…