ASEC Weekly Malware Statistics (November 29th, 2021 – December 5th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 29th, 2021 (Monday) to December 5th, 2021 (Sunday). For the main category, downloader ranked top with 31.4%, followed by CoinMiner with 25.6%, infostealer with 22.3%, RAT (Remote Administration Tool) by 20.1%, ransomware with 0.4%, and banking malware with 0.1%. Top 1 –  BeamWinHTTP BeamWinHTTP is a downloader malware that has taken first…

Word File Disguised as a Design Modification Request for Information Theft

The ASEC analysis team has discovered the distribution of malicious Word file targeting Korean users. The filename is Design Modification Request.doc, and it includes an image that prompts the user to run the macro. As shown below, the Word file includes a malicious macro that downloads additional files from hxxp://filedownloaders.com/doc09. When the user clicks Enable Content, the macro is automatically run, and it downloads additional malicious files. It then runs the downloaded temp.doc document file. The Word file contains texts…

Lokibot Malware Disguised as National Tax Service Email Being Distributed

The ASEC analysis team has recently discovered that malicious emails disguised as Hometax are consistently being distributed. The sender address used in the email is hometaxadmin@hometax.go[.]kr or hometaxadmin@hometax[.]kr, identical to the case found last year, and the email contains electronic tax invoice related materials. This type of email has consistently been distributed. In last year’s case, the email had PPT file as an attachment that has malicious macro included, but recently, it is being distributed in the form of a…

AgentTesla Being Distributed via More Sophisticated Malicious PowerPoint Files

The ASEC analysis team has introduced malicious PowerPoint files that have been continuously distributed since last year. Recently, the team has discovered that various malicious features were added to the script that is run in the malicious PowerPoint file. The method the malicious file is run remains the same as the previous cases, and it performs features such as Anti-AV, and UAC Bypass, and execution of additional malware by a malicious script. When the PowerPoint file is run, a security…

Distribution of Phishing Emails Targeting Korean Research Institutes and Companies

The ASEC analysis team has discovered the distribution of phishing emails targeting Korean research institutes and companies to steal passwords. The phishing email impersonated an international transport company, requesting the user to submit custom information, and open the attachment file to prompt the user to click the URL. Upon clicking the link in the email, the user is redirected to a phishing page that prompts the user to enter their password. As the team has also discovered cases of distribution…