ASEC Weekly Malware Statistics (May 8th, 2023 – May 14th, 2023) Posted By ASEC , May 18, 2023 AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 8th, 2023 (Monday) to May 14th, 2023 (Sunday). For the main category, Infostealer ranked top with 49.8%, followed by downloader with 37.3%, backdoor with 11.0%, ransomware with 1.4%, and CoinMiner with 0.5%. Top 1 – Amadey This week, Amadey Bot ranked first place with 25.8%. Amadey is a downloader that can…
ASEC Weekly Phishing Email Threat Trends (April 30th, 2023 – May 6th, 2023) Posted By ASEC , May 15, 2023 AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 30th, 2023 to May 6th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…
LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea Posted By AhnLab_en , May 15, 2023 AhnLab Security Emergency response Center(ASEC) has confirmed the distribution of the LokiLocker ransomware in Korea. This ransomware is almost identical to the BlackBit ransomware and their common traits have been mentioned before in a previous blog post. A summary of these similarities is as follows. Similarities Between LokiLocker and BlackBit Disguised as svchost.exe The BlackBit ransomware, which was covered in a previous post, disguised itself as a svchost.exe file. Similarly, the recently discovered LokiLocker ransomware was also found disguised as…
Chinese Hacker Group Stealing Information From Korean Companies Posted By AhnLab_en , May 15, 2023 Recently, there have been frequent cases of attacks targeting vulnerable servers that are accessible externally, such as SQL servers or IIS web servers. The team has confirmed two affected companies in this case. One being a company for semiconductors, and the other being a smart manufacturing company which utilizes artificial intelligence. It is assumed that the threat group that carried out the hacking attack is a Chinese hacker group like Xiaoqiying and Dalbit, as a Chinese text file containing instructions…
RecordBreaker Infostealer Disguised as a Well-known Korean Software Posted By AhnLab_en , May 15, 2023 The RecordBreaker Stealer is one of the main malware distributed disguised as the download of illegal programs such as cracks and keygens. It first appeared last year and has since been actively distributed to normal users. It is also referred to as Raccoon Stealer V2 and is being distributed through various channels, including websites and YouTube. CryptBot, which had been actively distributed in the same manner, had completely disappeared since February of this year, and the Vidar malware sometimes makes…
