Malware Distributed with Disguised Filenames (RIGHT-TO-LEFT OVERRIDE) Posted By jcleebobgatenet , December 7, 2022 In August, the ASEC analysis team made a post on the malware being distributed with filenames that utilize RTLO (Right-To-Left Override). RTLO is a unicode that makes an override from right to left. This type of malware induces users to execute its files by mixing filenames with extensions, with its distribution still being continued to this day. RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github As of November 30th, 2022, when the keywords based on the last…
Phishing Email Disguised as a Well-Known Korean Airline Posted By jcleebobgatenet , December 7, 2022 The ASEC analysis team has recently discovered a phishing email that impersonates a well-known Korean airline to collect user credentials. The phishing email contains a notice on airline ticket payment, inducing the reader to connect to the disguised phishing page with specific ticket prices and details that implies that the sender has background information of the reader. The subject and the body of the email are shown below. When the attached HTML file is opened, a connection is made to…
‘Resume.xll’ File Being Distributed in Korea (LockBit 2.0) Posted By jcleebobgatenet , December 7, 2022 In mid-2022, the ASEC analysis team shared that malware with the XLL file format (file extension: .xll) was being distributed via email. The XLL file has a DLL form of a PE (Portable Executable) file but is executed with Microsoft Excel. Since then, this type of malware had not been distributed actively, but for the first time in a long while, we found that it was being distributed with the filename, ‘Resume.xll‘. Post from May 20th, 2022: XLL Malware Distributed…
ASEC Weekly Malware Statistics (November 21st, 2022 – November 27th, 2022) Posted By jcleebobgatenet , December 2, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 21st, 2022 (Monday) to November 27th (Sunday). For the main category, downloader ranked top with 40.3%, followed by Infostealer with 35.8%, backdoor with 16.3%, ransomware with 7.2%, and CoinMiner with 0.4%. Top 1 – AgentTesla AgentTesla is an Infostealer that ranked first place with 17.3%. It leaks user credentials saved in web…
ASEC Weekly Phishing Email Threat Trends (November 13th, 2022 – November 19th, 2022 ) Posted By jcleebobgatenet , December 2, 2022 The ASEC analysis team monitors phishing email threats with the ASEC automatic analysis system (RAPIT) and Honeypot. This post will cover the cases of distribution of phishing emails during the week from November 13th, 2022 to November 19th, 2022 and provide statistical information on each type. Additionally, we will introduce new types that were not detected before as well as emails to be cautious of with keywords to minimize harm to users. The phishing emails covered in this post will…