ASEC Weekly Malware Statistics (April 24th, 2023 – April 30th, 2023) Posted By ASEC , May 8, 2023 AhnLab Security Emergency response Center (ASEC) uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 24th, 2023 (Monday) to April 30th, 2023 (Sunday). For the main category, Infostealer ranked top with 54.9%, followed by downloader with 33.3%, backdoor with 10.5%, and ransomware and banking malware with 0.6% each. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 35.2%. It leaks user credentials…
ASEC Weekly Phishing Email Threat Trends (April 16th, 2023 – April 22nd, 2023) Posted By ASEC , May 4, 2023 AhnLab Security Emergency response Center (ASEC) monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from April 16th, 2023 to April 22nd, 2023 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note,…
RecordBreaker Stealer Distributed via Hacked YouTube Accounts Posted By Sanseo , May 3, 2023 RecordBreaker is a new Infostealer that appeared in 2022 and is known as the new version of Raccoon Stealer. Similar to other Infostealers, such as CryptBot, RedLine, and Vidar, it is a major malware type that usually disguises itself as a software crack or installer. AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of RecordBreaker through a YouTube account that is assumed to have been recently hacked. 1. Previous Distribution Cases Search engines are one of the major…
Qakbot Distributed via OneNote and CHM Posted By gygy0101 , May 3, 2023 AhnLab Security Emergency response Center (ASEC) has covered various distribution methods of Qakbot, and the method of distributing through OneNote was covered back in February. The distribution of Qakbot through OneNote has been confirmed again recently, and it was discovered that the Windows Help file (CHM) was used in this recent attack. Qakbot Being Distributed via OneNote Upon executing the OneNote file, it prompts users to click on the Open button along with a Microsoft Azure image, as shown below….
CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers Posted By Sanseo , May 2, 2023 AhnLab Security Emergency response Center (ASEC) has recently discovered XMRig CoinMiner being installed on poorly managed Linux SSH servers. The attacks have been happening with a distinct pattern since 2022: they involve the usage of malware developed with Shell Script Compiler (SHC) when installing the XMRig, as well as the creation of a backdoor SSH account. When looking at the attack cases against poorly managed Linux SSH servers, most of them involve the installation of DDoS Bot or CoinMiner. DDoS…
