LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed

The ASEC analysis team has once again discovered LockBit ransomware being distributed through phishing e-mails disguised as copyright claim e-mails, a method introduced in the previous blog post. The filename of the e-mail attachment included the password, similar to the phishing e-mails distributed last February (see the link below): "LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails". As shown in Figure 2, the phishing e-mail has a compressed file as an attachment that…

Windows MSDT Zero-day Vulnerability ‘DogWalk’ Detected by V3

On June 8th, a new Windows zero-day vulnerability named DogWalk was revealed by Hacker News (thehackernews.com). Similar to the Follina vulnerability that targeted MS Office document files, this vulnerability occurs in MSDT (Microsoft Support Diagnostic Tool), and it carries the risk of malware being copied into the Windows Startup folder when a compressed ".diagcab" file is run. Although the PC has to be restarted for the malicious file to operate, users are exposed to attacks since no patch has…

Bumblebee Being Distributed in Korea Through Email Hijacking

The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader-type malware. It is distributed through phishing emails as an ISO file, which contains a shortcut and a malicious DLL file. There were also cases of the malware being distributed to Korean users through email hijacking. The image below shows phishing emails distributing Bumblebee. The attackers hijacked normal emails and sent replies to users with malicious attachments. Users who receive the email may open the attachment…

ASEC Weekly Malware Statistics (June 6th, 2022 – June 12th, 2022)

The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from June 6th, 2022 (Monday) to June 12th, 2022 (Sunday). For the main category, banking malware ranked top with 44.1%, followed by infostealer with 39.3%, backdoor with 9.9%, downloader with 2.9%, and coinminer with 1.9%. Top 1 – Emotet: Emotet ranked first place with 41.5%. Emotet is a banking malware that is being continuously…

Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting)

The ASEC analysis team has recently discovered the active distribution of APT files that exploit a feature of HWP files (OLE object insertion). Since the case introduced in the post "Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed" on March 8th, the attacker has continued to distribute malicious HWP files targeting people in the fields of national defense, North Korea-related materials, and broadcasting. When the file is opened, the OLE object…