Malware Disguised as Job Offer Letter

The ASEC analysis team has recently discovered that KPOT Infostealer is being distributed via spam mails containing Word files. There have been a number of cases in which Infostealer programs were ultimately downloaded when the macro was enabled, but this case is notable in that it used a Word file with a particular password in a spam mail disguised as a job offer letter to trick users. While how the e-mail came to be spread has not yet been identified, it appears that…

ASEC Weekly Malware Statistics (July 26th, 2021 – August 1st, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to major malware. This post will list weekly statistics collected from July 26th, 2021 (Monday) to August 1st, 2021 (Sunday). For the main category, Infostealer ranked top with 48.2%, followed by RAT (Remote Administration Tool) malware with 25.8%, downloader with 13.0%, CoinMiner with 8.6%, ransomware with 4.2%, and DDoS with 0.3%. Top 1 – RedLine: RedLine malware has taken first place once again with 18.0%….

CryptBot Infostealer Constantly Changing and Being Distributed

CryptBot is an Infostealer that is being distributed through malicious websites disguised as software download pages. Because multiple malicious websites have been created and many of them appear on the top page when keywords such as cracks and serials of popular commercial software are entered in search engines, many users are prone to downloading and running the malware. In addition, the sample uses SFX packing, making it difficult to distinguish between normal and malicious files, and changes occur multiple…

ASEC Weekly Malware Statistics (July 19th, 2021 – July 25th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to major malware. This post will list weekly statistics collected from July 19th, 2021 (Monday) to July 25th, 2021 (Sunday). For the main category, info-stealer ranked top with 54.7%, followed by RAT (Remote Administration Tool) malware with 23.6%, CoinMiner with 9.2%, downloader with 8.0%, ransomware with 2.4%, and backdoor with 1.7%. Top 1 – RedLine: RedLine malware was ranked first place with 9.2%. The number…

Fileless Remcos RAT Malware Delivery

The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of entering the system through spam mails is the same as before, it should be noted that the Remcos RAT malware is ultimately delivered filelessly after going through multiple loader stages. In summary, the overall operation method is as follows: The attacker attaches…