GlobeImposter Ransomware Being Distributed in Korea Posted By jcleebobgatenet , October 12, 2022 The ASEC analysis team has recently identified through internal monitoring that the GlobeImposter ransomware, which targets vulnerable MS-SQL servers, is being distributed. This GlobeImposter ransomware has also been mentioned in AhnLab TIP’s quarterly statistics, specifically in the ‘2022 1st and 2nd Quarter Statistical Report on Malware Targeting MS-SQL,’ and in the 2nd quarter, GlobeImposter took up 52.6% of ransomware targeting MS-SQL. It has been identified that the GlobeImposter ransomware is still appearing in the soon-to-be-released 3rd quarter statistics. This ransomware…
ASEC Weekly Malware Statistics (September 26th, 2022 – October 2nd, 2022) Posted By jcleebobgatenet , October 12, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 26th, 2022 (Monday) to October 2nd, 2022 (Sunday). For the main category, downloader ranked top with 38.2%, followed by info-stealer with 35.1%, ransomware with 14.7%, backdoor with 11.6%, and CoinMiner with 0.4%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 16.7%. BeamWinHTTP is distributed via malware disguised…
Qakbot Being Distributed as ISO Files Instead of Excel Macro Posted By jcleebobgatenet , October 12, 2022 There is a recent increase in the distribution method of malware through ISO files. Among the malware, it has been identified that Qakbot, an online banking malware, has had its distribution method changed from Excel 4.0 Macro to ISO files. The ASEC blog introduced cases of ISO file usage for not only Qakbot, but also AsyncRAT, IcedID, and BumbleBee malware. As such, we can see that cases of using ISO files for malware distribution are increasing. The phishing mail that…
Change in Magniber Ransomware (*.js → *.wsf) – September 28th Posted By jcleebobgatenet , October 5, 2022 The ASEC analysis team has explained through the blog post on September 8th that the Magniber ransomware has changed from having a CPL extension to a JSE extension. The attacker made another change after September 8th, changing the file extension from JSE to JS on September 16th. And on September 28th, the attacker changed the distribution method once again, changing the file extension from JS to WSF. It seems the attacker is continuously distributing variations to bypass various detection methods…
ASEC Weekly Malware Statistics (September 19th, 2022 – September 25th, 2022) Posted By jcleebobgatenet , September 28, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 19th, 2022 (Monday) to September 25th, 2022 (Sunday). For the main category, info-stealer ranked top with 51.3%, followed by backdoor with 21.1%, downloader with 17.2%, and ransomware with 10.3%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 20.7%. It is an info-stealer that leaks user credentials saved…
