Malicious Word File Disguised as Compensation Request Form (External Connection + VBA Macro)

With malicious document files being distributed in various document formats such as HWP, DOC, XSLX, and PDF, it is safe to say that such a document-based malware has become a new trend among attackers. In pursuit of this trend, ASEC analysis team has been publishing various articles that contain related information in our blog. Today, ASEC analysis team will share the information on the newly-found malicious Word document file. This malicious Word document file takes a form of a ‘Compensation Request…

Malicious Word Documents with External Link of North Korea Related Materials

In the previous, ASEC analysis team has introduced various types of document-based malware. Among them, malicious documents of North Korea related materials were generally produced in HWP file format. You can check the relevant information from previous ASEC blog posts. Today, DOC (Word) documents containing North Korea related materials collected by ASEC analysis team will partially be introduced. These documents are assumed to be distributed via email, and they had following content within. Upon opening, it connects to ‘External URL’…

Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability

The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of ASEC Blog are well aware of the fact that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse chase. This time, the distributor of Magniber waited for the anniversary day of AhnLab (March 15th), which is also a traditional holiday for AhnLab. On this day, the distributor swiftly…

Malware Being Sneakily Installed in My PC-BeamWinHTTP Malware

The weekly malware statistics which ASEC analysis team uploads every week show that the number of occurrences for a downloader type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3 most distributed malware. Since it downloads various types of malware when run, users must take extra caution. BeamWinHTTP malware is executed by a PUP installer, and users who attempt to…

Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer)

ASEC analysis team has confirmed the malware under the disguise of a resume is still being distributed. This time, it disguised as resume and copyright-related files. The file that is being recently distributed also takes the form of NSIS (Nullsoft Scriptable Install System) and is being distributed under various filenames as translated below. Outline on the original image (the image I created) and the image you are currently using.exe You have violated copyright laws and here is the summary of…