Malicious Word Documents Using MS Media Player (Impersonating AhnLab) Posted on April 5, 2022 Last week, the ASEC analysis team uploaded a post named “Malicious Word File Targeting Corporate Users Being Distributed” that contained information about a malicious Word file. Currently, documents of the same type are being distributed with text that impersonates AhnLab. The Word files confirmed this time download another Word file containing malicious VBA macro via the external URL and run it. Another difference is that the additionally downloaded Word file uses the Windows Media Player() function instead of AutoOpen() to…
APT Attacks Using Word File Disguised as Donation Receipts for Uljin Wildfire (Kimsuky) Posted on April 1, 2022 At the beginning of March this year, a wildfire broke out in the Samcheok and Wuljin area, and numerous people from all over Korea donated to help the victims and restore the damages. Amidst such a situation, the ASEC analysis team discovered the attacker’s attempt at launching APT attacks disguised as donation receipts for the Uljin wildfire. The file was created on March 28th, and its author’s name is the same as the author (Acer) that was introduced in the…
APT Attack Disguised as Resume Template for North Korean Defectors (VBS Script) Posted on April 1, 2022 The ASEC analysis team has recently discovered that a malicious info-leaking VBS is being distributed via phishing email disguised as North Korea-related material. The email is about casting calls for a North Korea-related broadcast, and a compressed file is attached to it. It asks the readers to fill out the resume, prompting them to run the file. The compressed file contains a malicious VBS script file. The activities of ‘2022 Resume Template.vbs’ are as follows: Collects and sends information Creates…
ASEC Weekly Malware Statistics (March 21st, 2022 – March 27th, 2022) Posted on March 30, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 21st, 2022 (Monday) to March 27th, 2022 (Sunday). For the main category, info-stealer ranked top with 75.4%, followed by RAT (Remote Administration Tool) with 16.7%, downloader with 4.8%, banking malware with 2.4%, ransomware with 0.8%. Top 1 – AgentTesla AgentTesla ranked first place with 25.4%. It is an info-stealer that leaks user credentials…
Malicious Word File Targeting Corporate Users Being Distributed Posted on March 30, 2022 The ASEC analysis team discovered a Word file that seems to target corporate users. The file contains an image that prompts users to enable macros like other malicious files. To trick users into thinking that this is an innocuous file, it shows information related to improving Google account security when the macro is run. Ultimately, it downloads additional malware files and leaks user information. When the file is run, it shows a warning image that mentions ‘file created in public…
