AveMaria malware being distributed as spam mail

AveMaria is a RAT (Remote Administration Tool) malware with a remote control feature that receives commands from the C&C server and performs a variety of malicious behaviors. As shown in the weekly statistics below, it is not included in the Top 5, but it has consistently been taking up a certain percentage of the total. AveMaria malware has been distributed via spam emails, similar to AgentTesla, Lokibot, and Formbook malware. Additionally, it is packed and distributed in a form of…

How AgentTesla Malware is Being Distributed in Korea

Since early this year, cases of phishing emails that contain a malicious PowerPoint file (*.PPT) have been reported. The ASEC analysis team has recently detected AgentTesla, a malware that is ultimately run via this attack method. In this report, our goal is to share information on this malware. In January 2020, an email that contained a PPT with info-leaking malware, azorult, was distributed overseas. (Blog post: https://appriver.com/resources/blog/january-2020/powerpoint-malware-references-drake-lyrics-drop-lokibot-azorult) In July 2020, an info-leaking malware named AgentTesla was distributed using a distribution method…

Emotet is Back and Spamming Again!

Emotet is back after almost five months of absence. It disappeared in early February 2020 and came back recently in July to resume its phishing campaigns. AhnLab Security Emergency-response Center (ASEC) has confirmed the return of Emotet malware through its blog on July 22nd. Emotet is an infamous botnet that is known for its phishing campaigns. Even after a five-month-long break, their old tricks of using phishing emails remained the same. Emotet’s phishing campaign can be primarily divided into three types:…

Distribution of Malicious Document File (XLS) Disguised as COVID-19 Predictions

While the battle against relentless waves of malware using the COVID-19 theme continues, the AhnLab ASEC analysis team discovered another attack disguised as ‘COVID-19 Predictions’ to deceive users into opening the email and the attached document file. It was distributed via a phishing email, and this email had a malicious Excel document. The Excel file in the email has the number of confirmed COVID-19 cases by country. Any user who wishes to check the total number of the deceased has no…

Scam Alert: FormBook Malware Steals Incoming Mail

The ASEC (AhnLab Security Emergency response Center) analysis team has recently confirmed that FormBook is using new tactics to persuade users to download and execute malicious email attachments. According to ASEC’s weekly malware analysis report, FormBook was one of the most actively distributed malware families in East Asia during July. FormBook is an info stealer malware that disguises itself as normal email attachments, such as estimates, order receipts, package deliveries, and invoice documents. The email message is short and simple. The email…