Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped)

In December last year, the Log4j vulnerability (CVE-2021-44228) in the Java-based logging utility became a worldwide issue. It is a remote code execution vulnerability: a remote Java object address is included in a log message sent to a server using Log4j, and the server then loads and runs that Java object. The ASEC analysis team is monitoring the Lazarus group’s attacks on targets in Korea. In April, the team discovered an attack group suspected of being Lazarus distributing NukeSped by…

Malicious Help File Disguised as Missing Coins Report and Wage Statement (*.chm)

The ASEC analysis team has discovered the continuous distribution of malware disguised as Windows Help Files (*.chm). The most recent CHM file is identical to the one introduced in <APT Attack Being Distributed as Windows Help File (*.chm)>, which downloads additional malware. CHM files of this type appear to be distributed inside compressed files. The confirmed filenames of the compressed files and the CHM files inside them are as follows: Names of Compressed Files…

ASEC Weekly Malware Statistics (May 2nd, 2022 – May 8th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from May 2nd, 2022 (Monday) to May 8th, 2022 (Sunday). For the main category, info-stealer ranked top with 73.1%, followed by RAT (Remote Administration Tool) malware with 19.3%, ransomware with 5.0%, and downloader with 2.5%. Top 1 – AgentTesla: AgentTesla is an infostealer that has taken first place once again with 49.6%. It is an…

ASEC Weekly Malware Statistics (April 25th, 2022 – May 1st, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from April 25th, 2022 (Monday) to May 1st, 2022 (Sunday). For the main category, info-stealer ranked top with 70.3%, followed by RAT (Remote Administration Tool) malware with 18.8%, ransomware with 7.9%, downloader with 2.5%, and coinminer with 0.5%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 38.6%. It is an…

Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application

The ASEC analysis team confirmed that backdoor malware disguised as a document editing program and a messenger application widely used in Korea is being distributed in Korea through malicious CHM files. The team introduced malicious CHM files distributed in various forms twice on the ASEC blog in March. The malicious files discussed in this post execute additional malicious files through a process that differs from the previous cases. The names of some CHM files that are currently distributed…