ASEC Weekly Malware Statistics (April 4th, 2022 – April 10th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 4th, 2022 (Monday) to April 10th, 2022 (Sunday). For the main category, info-stealer ranked top with 74.1%, followed by RAT (Remote Administration Tool) malware with 15%, downloader with 6.2%, ransomware with 2.9%, and banking malware with 1.8%.

Top 1 – AgentTesla

AgentTesla is an infostealer that ranked first place with 27.7%. It is…

[Caution] Virus/XLS Xanpei Infecting Normal Excel Files

The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when an Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a downloader and performing DNS spoofing, so users need to take great caution. The common trait of these malware strains is that they spread the virus through the VBA (Visual Basic for Applications) code included in Excel files. Upon opening the infected Excel…

SystemBC Being Used by Various Attackers

SystemBC is a proxy malware that has been used by various attackers for the last few years. While it has recently been distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. SystemBC acts as a proxy bot: when an attacker attempts to access a certain address with malicious intent, a system infected with SystemBC can be used as a passage for that traffic. Because it can also act as a downloader to…

ASEC Weekly Malware Statistics (March 28th, 2022 – April 3rd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 28th, 2022 (Monday) to April 3rd, 2022 (Sunday). For the main category, info-stealer ranked top with 69.6%, followed by RAT (Remote Administration Tool) malware with 21.0%, ransomware with 5.1%, downloader with 3.6%, and CoinMiner with 0.7%.

Top 1 – AgentTesla

AgentTesla ranked first place with 28.3%. It is an info-stealer that leaks user…

Malicious Help File Disguised as COVID-19 Infectee Notice Being Distributed in Korea

The ASEC analysis team introduced readers to malware that takes the form of a Windows help file (*.chm) about two weeks ago. The malicious CHM file that was recently discovered is disguised as a notice for people infected with COVID-19 and is being distributed to Korean users. The attacker is probably distributing the file in such a form because Korea has recently seen a surge in COVID-19 case numbers. The name of the file that is being distributed is shown…