ASEC Weekly Malware Statistics (May 23rd, 2022 – May 29th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 23rd, 2022 (Monday) to May 29th, 2022 (Sunday). For the main category, info-stealer ranked top with 76.9%, followed by RAT (Remote Administration Tool) malware with 16.6%, downloader with 5.2%, and ransomware with 1.3%.

Top 1 – AgentTesla

AgentTesla is an infostealer that has taken first place once again with 32.3%. It is an…

NSIS Installer Malware Included with Various Malicious Files

The ASEC analysis team recently discovered attackers distributing multiple malicious files with NSIS installers. NSIS (Nullsoft Scriptable Install System) is normally used to create installers for certain programs. It can also be used to create malware strains, as it is script-based and thus produces NSIS installers of nearly identical form. NSIS installer-type malware strains have been used a lot by attackers. The type introduced in this post includes multiple malicious files in a single installer: running one file will infect…

AgentTesla Being Distributed Through Windows Help File (*.chm)

The ASEC analysis team recently discovered AgentTesla being distributed with a new method. Previously, AgentTesla, as discussed in multiple ASEC blog posts, was distributed by a malicious VBA macro inside PowerPoint files (*.ppt). However, the new method uses Windows Help files (*.chm) to run PowerShell commands. The malicious CHM files are distributed as compressed files attached to phishing emails imitating emails sent from DHL, a transport company. As phishing emails disguised as other topics are also being distributed, users need to…

ASEC Weekly Malware Statistics (May 16th, 2022 – May 22nd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 16th, 2022 (Monday) to May 22nd, 2022 (Sunday). For the main category, info-stealer ranked top with 71.8%, followed by RAT (Remote Administration Tool) malware with 19.1%, downloader with 3.7%, ransomware with 3.3%, banking malware with 1.7%, and backdoor with 0.4%.

Top 1 – AgentTesla

AgentTesla is an infostealer that has taken first place…

XLL Malware Distributed Through Email

Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered being distributed last year. XLL files are Microsoft Excel add-in files that operate with the extension .xll and can be opened by Excel. One thing to note is that the files are opened with MS Excel. This means users…