ASEC Weekly Phishing Email Threat Trends (May 21st, 2023 – May 27th, 2023)

AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from May 21st, 2023 to May 27th, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…

Similar AhnLab Response Cases Regarding Korea-US Joint Cyber Security Advice

On June 2nd, the Korean NIS (National Intelligence Service), NPA (National Police Agency), and MOFA (Ministry of Foreign Affairs) released a joint security advisory regarding the spear phishing attacks of North Korea’s Kimsuky group with the US FBI (Federal Bureau of Investigation), DoS (Department of State), and NSA (National Security Agency). The government agencies stated that the act was done to raise awareness of members of global think tanks, academic institutions, and media companies on CNE (Computer Network Exploitation) using…

Malware Being Distributed Disguised as a Job Application Letter

AhnLab Security Emergency response Center (ASEC) has identified that malware disguised as a job application letter is continuously being distributed. This malware is equipped with a feature that checks for the presence of various antivirus processes including a process with AhnLab’s product name (V3Lite.exe) and is being distributed through malicious URLs designed to resemble a Korean job-seeking website. Below are the discovered download URLs. The malicious file downloaded from the above URLs has a screen saver file extension (.scr) and an…

Tracking and Responding to AgentTesla Using EDR

AhnLab Security Emergency response Center (ASEC) has been uploading a summary of weekly malware statistics every week. https://asec.ahnlab.com/en/53647/ This post will cover how EDR is used to detect, track, and respond to AgentTesla, an Infostealer continuously being distributed among the malware mentioned in the post above. AgentTesla is an Infostealer that steals user credentials saved in web browsers, emails, and FTP clients. AhnLab’s EDR products detect certain types of PE files accessing user account credential files and categorize this behavior…

ASEC Weekly Malware Statistics (May 22nd, 2023 – May 28th, 2023)

AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 22nd, 2023 (Monday) to May 28th, 2023 (Sunday). For the main category, Infostealer ranked top with 52.5%, followed by downloader with 38.1%, backdoor with 6.4%, ransomware with 2.5%, and CoinMiner with 0.4%.   Top 1 – Amadey This week, Amadey Bot ranked first place with 29.7%. Amadey is a downloader that…