GlobeImposter Ransomware Being Distributed in Korea

The ASEC analysis team has recently identified through internal monitoring that the GlobeImposter ransomware, which targets vulnerable MS-SQL servers, is being distributed. This GlobeImposter ransomware has also been mentioned in AhnLab TIP’s quarterly statistics, specifically in the ‘2022 1st and 2nd Quarter Statistical Report on Malware Targeting MS-SQL,’ and in the 2nd quarter, GlobeImposter took up 52.6% of ransomware targeting MS-SQL. It has been identified that the GlobeImposter ransomware is still appearing in the soon-to-be-released 3rd quarter statistics. This ransomware…

ASEC Weekly Malware Statistics (September 26th, 2022 – October 2nd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 26th, 2022 (Monday) to October 2nd, 2022 (Sunday). For the main category, downloader ranked top with 38.2%, followed by info-stealer with 35.1%, ransomware with 14.7%, backdoor with 11.6%, and CoinMiner with 0.4%. Top 1 –  BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 16.7%. BeamWinHTTP is distributed via malware disguised…

Qakbot Being Distributed as ISO Files Instead of Excel Macro

There is a recent increase in the distribution method of malware through ISO files. Among the malware, it has been identified that Qakbot, an online banking malware, has had its distribution method changed from Excel 4.0 Macro to ISO files. The ASEC blog introduced cases of ISO file usage for not only Qakbot, but also AsyncRAT, IcedID, and BumbleBee malware. As such, we can see that cases of using ISO files for malware distribution are increasing. The phishing mail that…

Change in Magniber Ransomware (*.js → *.wsf) – September 28th

The ASEC analysis team has explained through the blog post on September 8th that the Magniber ransomware has changed from having a CPL extension to a JSE extension. The attacker made another change after September 8th, changing the file extension from JSE to JS on September 16th. And on September 28th, the attacker changed the distribution method once again, changing the file extension from JS to WSF. It seems the attacker is continuously distributing variations to bypass various detection methods…

ASEC Weekly Malware Statistics (September 19th, 2022 – September 25th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 19th, 2022 (Monday) to September 25th, 2022 (Sunday). For the main category, info-stealer ranked top with 51.3%, followed by backdoor with 21.1%, downloader with 17.2%, and ransomware with 10.3%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 20.7%. It is an info-stealer that leaks user credentials saved…