Bumblebee Being Distributed in Korea Through Email Hijacking

The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader-type malware. It is distributed through phishing emails as an ISO file, which contains a shortcut and a malicious DLL file. There were also cases of the malware being distributed to Korean users through email hijacking. The image below shows phishing emails distributing Bumblebee. The attackers hijacked normal emails and sent them to users as replies with malicious attachments. Users who receive the email may open the attachment…

ASEC Weekly Malware Statistics (June 6th, 2022 – June 12th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 6th, 2022 (Monday) to June 12th, 2022 (Sunday). For the main category, banking malware ranked top with 44.1%, followed by infostealer with 39.3%, backdoor with 9.9%, downloader with 2.9%, and coinminer with 1.9%. Top 1 – Emotet: Emotet ranked first place with 41.5%. Emotet is a banking malware that is being continuously…

Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting)

The ASEC analysis team has recently discovered the active distribution of APT files that exploit a feature of HWP files (OLE object insertion). Since the case introduced in the post “Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed” on March 8th, the attacker has continued to distribute malicious HWP files targeting people in the fields of national defense, North Korea-related materials, and broadcasting. When the file is opened, the OLE object…

Follina Vulnerability (CVE-2022-30190) Attack Using ‘Antimicrobial Film Request’ File

On June 7th, the ASEC analysis team swiftly uploaded a brief introduction to a zero-day vulnerability in Microsoft Office files (Follina). As the patch for the vulnerability has not been distributed yet, users are advised to exercise caution. Related post: “Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)”. AhnLab has distributed a detection rule for attack attempts exploiting the vulnerability, covering both file and behavior detection. The vulnerability can be detected by various AhnLab products (V3, MDS, and EDR). While the team…

ASEC Weekly Malware Statistics (May 30th, 2022 – June 5th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 30th, 2022 (Monday) to June 5th, 2022 (Sunday). For the main category, info-stealer ranked top with 89.9%, followed by RAT (Remote Administration Tool) malware with 8.5%, and ransomware, downloader, and banking malware with 0.5% each. Top 1 – Formbook: Formbook ranked first place with 33.7%. Like other info-stealers, it is mainly distributed through…