Tracking 3CX Supply Chain Breach Cases using AhnLab EDR

Last March, 3CX supply chain breach cases were a global issue. AhnLab Security Emergency response Center (ASEC) has confirmed through the AhnLab Smart Defense (ASD) infrastructure that malware related to the 3CX supply chain were installed in Korea on March 9th and March 15th. The 3CX supply chain malware confirmed in this instance had loaded malicious DLLs disguised with the names of regular DLLs, ffmpeg.dll and d3dcompiler_47.dll, on the normal 3CXDesktopApp.exe process, allowing for malicious behavior to be carried out….

ASEC Weekly Malware Statistics (April 24th, 2023 – April 30th, 2023)

AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 24th, 2023 (Monday) to April 30th, 2023 (Sunday). For the main category, Infostealer ranked top with 54.9%, followed by downloader with 33.3%, backdoor with 10.5%, and ransomware and banking malware with 0.6% each. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 35.2%. It leaks user credentials…

ASEC Weekly Phishing Email Threat Trends (April 16th, 2023 – April 22nd, 2023)

AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 16th, 2023 to April 22nd, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…

RecordBreaker Stealer Distributed via Hacked YouTube Accounts

RecordBreaker is a new Infostealer that appeared in 2022 and is known as the new version of Raccoon Stealer. Similar to other Infostealers, such as CryptBot, RedLine, and Vidar, it is a major malware type that usually disguises itself as a software crack or installer. AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of RecordBreaker through a YouTube account that is assumed to have been recently hacked. 1. Previous Distribution Cases Search engines are one of the major…

Qakbot Distributed via OneNote and CHM

AhnLab Security Emergency response Center (ASEC) has covered various distribution methods of Qakbot, and the method of distributing through OneNote was covered back in February. The distribution of Qakbot through OneNote has been confirmed again recently, and it was discovered that the Windows Help file (CHM) was used in this recent attack. Qakbot Being Distributed via OneNote Upon executing the OneNote file, it prompts users to click on the Open button along with a Microsoft Azure image, as shown below….