ASEC Weekly Malware Statistics (June 20th, 2022 – June 26th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 20th, 2022 (Monday) to June 26th, 2022 (Sunday). For the main category, info-stealer ranked top with 53.8%, followed by downloader with 25.1%, backdoor with 14.8%, banking malware with 4.9%, and ransomware with 1.3%. Top 1 – AgentTesla: AgentTesla is an info-stealer that ranked first place with 25.6%. It is an info-stealer that…

ASEC Weekly Malware Statistics (June 13th, 2022 – June 19th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 13th, 2022 (Monday) to June 19th, 2022 (Sunday). For the main category, info-stealer ranked top with 63.8%, followed by backdoor with 17.8%, downloader with 8.9%, banking malware with 7.5%, and ransomware with 1.9%. Top 1 – AgentTesla: AgentTesla is an info-stealer that ranked first place with 29.1%. It is an info-stealer that…

New Info-stealer Disguised as Crack Being Distributed

The ASEC analysis team has previously uploaded posts about various malware types that are distributed by disguising themselves as software cracks and installers. CryptBot, RedLine, and Vidar are major examples. Recently, the single-malware type of RedLine has disappeared (it is still being distributed as a dropper type) and a new info-stealer is being actively distributed instead. Its distribution went into full swing starting from May 20th, and it is globally categorized as “Recordbreaker Stealer.” Some analyses see it as…

LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed

The ASEC analysis team has once again discovered LockBit ransomware being distributed through phishing e-mails disguised as copyright claim e-mails, a method introduced in the previous blog post. The filename of the e-mail attachment included the password, which is similar to the phishing e-mails distributed last February (see the link below): “LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails”. As shown in Figure 2, the phishing e-mail has a compressed file as an attachment that…

Windows MSDT Zero-day Vulnerability ‘DogWalk’ Detected by V3

On June 8th, a new Windows zero-day vulnerability named DogWalk was revealed by Hacker News (thehackernews.com). Similar to the Follina vulnerability that targeted MS Office document files, this vulnerability occurs in MSDT (Microsoft Support Diagnostic Tool), and it carries the risk of malware being copied to the Windows Startup folder when a compressed file with the “.diagcab” extension is run. Although the PC has to be restarted for the malicious file to operate, users are exposed to attacks since no patch has…