Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate

ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog reveals the fact that Lokibot consistently remained high on the weekly statistics list. The recently-discovered Lokibot malware is being distributed as an attachment file within the phishing mail, and its notable characteristic is the CAB/LZH archive file format. The e-mail is…

Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection

Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using external connection has been increasing exponentially. As the attacker uses normal XML Relationship of OOXML (Office Open XML) format and uses malicious URL for only the target address, it is…

[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!

ASEC analysis team has recently discovered ransomware disguised as job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The distributed e-mails had titles with names which can be perceived as the applicant’s name, and compressed attachments. The names of the distributed files are as follows: ● ResumeandPortfolio_210412 (If you…

Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)

Starting from March 2021, Magniber ransomware that operates in a fileless form has used the script that utilizes CVE-2021-26411 vulnerability instead of using CVE-2020-0968 vulnerability. There are still numerous damage reports that involve Magniber ransomware in Korea, and as the malware is being distributed via IE vulnerability (CVE-2021-26411), it is absolutely crucial for users of IE to apply the security patch. Detecting and blocking the latest Magniber is possible with V3’s ‘Process Memory Scan’ feature. Magniber ransomware infects via IE browser…

Snake Keylogger Being Distributed via Spam E-mails

Recently, there has been an exponential increase in the distribution of Snake Keylogger via spam e-mails. Snake Keylogger is an info-leaking malware that is developed with .NET, and as seen from the weekly statistics below, it consecutively made its way into the Top 5 malware as of recent. Considering the fact that it’s an info-stealing malware that is mostly distributed via spam e-mails, it is similar to that of AgentTesla malware. Like AgentTesla, Snake Keylogger also supports info-leaking feature through…