ASEC Weekly Malware Statistics (April 26th, 2021 – May 2nd, 2021)

The ASEC analysis team uses RAPIT, the ASEC automatic analysis system, to categorize and respond to known malware. This post lists weekly statistics collected from Monday, April 26th, 2021 to Sunday, May 2nd, 2021. By main category, info-stealers ranked top with 75.9%, followed by RAT (Remote Administration Tool) malware with 19.3%, downloaders with 1.3%, and CoinMiner with 2.6%. Ransomware and banking malware accounted for 0.4%.

Top 1 – AgentTesla

AgentTesla was ranked first place with 32.9%. It…

Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward

The ASEC analysis team has confirmed the distribution of a malicious e-mail, disguised as a free Bitcoin reward, that targets specific individuals in the Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Upon downloading the PDF file attached to the e-mail, the user can see the content of the PDF file, which states that Bitcoin can be received for free if the user accesses the short URL written…

Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate

The ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog shows that Lokibot has consistently remained high on the weekly statistics list. The recently discovered Lokibot malware is being distributed as an attachment within the phishing mail, and its notable characteristic is the CAB/LZH archive file format. The e-mail is…

Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection

The distribution of RTF vulnerability (CVE-2017-11882) malware that uses the external connection of an MS Office Word document has been found. Employees must be on the lookout, as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using an external connection has been increasing exponentially. Because the attacker uses a normal XML Relationship of the OOXML (Office Open XML) format and uses a malicious URL only for the target address, it is…

[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!

The ASEC analysis team has recently discovered ransomware disguised as a job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The distributed e-mails had titles containing names that can be perceived as the applicant’s name, and compressed attachments. The names of the distributed files are as follows: ● ResumeandPortfolio_210412 (If you…