ASEC Weekly Malware Statistics (December 6th, 2021 – December 12th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 6th, 2021 (Monday) to December 12th, 2021 (Sunday). For the main category, info-stealer ranked top with 33.3%, followed by CoinMiner with 25.3%, Downloader with 22.8%, RAT (Remote Administration Tool) malware with 16.2%, Banking malware with 1.8%, and Ransomware with 0.6%. Top 1 – Glupteba: Glupteba is a malware developed with Golang, taking…

[Alert] Apache Log4j 2 Vulnerability, Update Recommended

The Apache Log4j 2 vulnerability (CVE-2021-44228) was revealed on Twitter and GitHub alongside a PoC on December 10th, 2021. It is a remote code execution (RCE) vulnerability in the Log4j software: a log message can include the address of a remote Java object, which is then run on the vulnerable server. Alibaba’s cloud security team first reported the vulnerability to the Apache Software Foundation on November 24th, 2021, and the first patch was distributed on December 6th, 2021. Patches are continually being released,…

ASEC Weekly Malware Statistics (November 29th, 2021 – December 5th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 29th, 2021 (Monday) to December 5th, 2021 (Sunday). For the main category, downloader ranked top with 31.4%, followed by CoinMiner with 25.6%, infostealer with 22.3%, RAT (Remote Administration Tool) with 20.1%, ransomware with 0.4%, and banking malware with 0.1%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that has taken first…

Word File Disguised as a Design Modification Request for Information Theft

The ASEC analysis team has discovered the distribution of a malicious Word file targeting Korean users. The filename is Design Modification Request.doc, and it includes an image that prompts the user to run the macro. As shown below, the Word file includes a malicious macro that downloads additional files from hxxp://filedownloaders.com/doc09. When the user clicks Enable Content, the macro runs automatically and downloads additional malicious files. It then runs the downloaded temp.doc document file. The Word file contains texts…