LockBit Ransomware Being Mass-distributed With Similar Filenames

The ASEC analysis team had written about LockBit ransomware being distributed through emails over three blog posts. Through consistent monitoring, we hereby let you know that LockBit 2.0 and LockBit 3.0 are being distributed again with only a change to their filenames. Unlike the previous cases introduced in the blog where Word files or copyright claim emails were used, the recent versions are being distributed through phishing mails disguised as job applications. LockBit Ransomware Being Distributed Using Resume and Copyright-related…

How Is My Phone Number Leaked?

The PERSONAL INFORMATION PROTECTION ACT is a law to protect the freedom and rights of individuals, and it aims to actualize the individual dignity and value of people. According to the act, personal information is defined as pieces of information that can easily identify an individual when coupled with other pieces of information, and phone numbers are seen as one of the main types of personal information. This post explains the PUP (Potentially Unwanted Program) that collects phone numbers. Figure…

ASEC Weekly Malware Statistics (November 14th, 2022 – November 20th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 14th, 2022 (Monday) to November 20th (Sunday). For the main category, downloader ranked top with 53.2%, followed by backdoor with 24.1%, Infostealer with 21.1%, ransomware with 1.0%, CoinMiner with 0.4%, and banking malware with 0.2%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 30.5%. The malware is…

Auto-Publishing and Auto-Reporting Programs for Blog Posts

Spam programs are illegal programs according to the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION. The ASEC analysis team previously published a blog post about a spam program sold as a marketing program. Today, we will introduce a program similar to the spam program covered in the past. The file collected under the filename of ‘Naver Blog Report Program.exe’ was developed with C#, just like the spam program covered in the previous blog post. Its…

Word Documents Disguised as Normal MS Office URLs Being Distributed

Recently, there has been a case of malware disguised as a Word document being distributed through certain paths (e.g. KakaoTalk group chats). The ASEC analysis team has discovered during our additional monitoring process that the URL used in the fake Word document is becoming very cleverly disguised to closely resemble the normal URL, and we wish to advise caution on the part of users. The currently identified filenames of the malicious Word documents are as follows.The real names of Koreans found…