Watch Out… Malware Disguised as Software Activation Tools are on the Loose!
Posted By AhnLab_en, June 4, 2020
AhnLab has recently identified malware being distributed in the wild disguised as a software activation tool. The malicious campaign targets users trying to get access to pirated software. The attacker distributed malicious executable files disguised as software activation tools. Examples of these tools include KMSAuto and KMSPico. They can commonly be downloaded from illegal software download sites and P2P file-sharing sites. When the user executes the malicious executable file, a fake password input appears. When the user enters the password…

Distribution of Hangul Word Processor File (HWP) during Academic Conference Season in Korea
Posted By AhnLab_en, June 4, 2020
In May, the ASEC analysis team shared details of Hangul Word Processor (HWP) file malware that is being distributed across various fields (see blog post below). In the past, it was distributed with titles related to ‘real-estate’; however, the malware is now created with titles related to theses and other academic items, based on the academic conferences scheduled in Korea. So far, AhnLab has discovered 2 filenames that are being used by malicious HWP files, and among the topics discussed in the blog…

Analysis of Connection Between Malicious Hangul Word Processor Files (.hwp) by Theme
Posted By AhnLab_en, May 29, 2020
In the previous post, ASEC shared information on how the titles of the distributed malicious HWP files changed over the course of 3 months. This post is a follow-up to the previous post and sheds some light on new information about the relationship between title categories.
Connection between Theme 1, Theme 2, and Theme 3
Similarities were found between HWP files of Theme 1 (COVID19), Theme 2 (Real-estate), and the themes that were mentioned in the previous post….

Distribution of HWP Malware via Real-estate Investment Emails (Uses EPS)
Posted By AhnLab_en, May 25, 2020
The distribution of malicious HWP files, which has been increasing since April, is still ongoing. In this post, ASEC will explain the Hangul Word Processor file (.HWP), disguised as a real-estate investment email (received last week), that is currently being distributed. Once a user opens the Hangul Word Processor file (.HWP) attached to the email, the malicious PostScript (EPS) within the HWP file activates and performs malicious behaviors. The EPS triggers the CVE-2017-8291 vulnerability so that the code inside starts…

Distribution of Malware Using Word File Disguised as Coin Company Recruitment Table Document
Posted By AhnLab_en, May 14, 2020
On May 8, the AhnLab ASEC analysis team uploaded a post that shed some light on the distribution of malware that stole the certificate of a Korean gaming company. Since then, AhnLab ASEC has confirmed the distribution of malware of the same type that went through some modifications. These files use a variety of filenames, and further information is explained below. Like the case introduced in the previous blog post, this malware used the recruitment table of a coin company. Furthermore, the attacker…