Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome

The ASEC analysis team has been continuously monitoring Magniber, ransomware that is distributed via Internet Explorer (IE) vulnerabilities. For the last couple of years, the attacker behind Magniber has been exploiting IE vulnerabilities to deploy ransomware. As shown in the previous blog post below, it is still being distributed by exploiting IE vulnerabilities. What’s new, however, is that Magniber’s distribution has been confirmed on browsers other than IE: Microsoft Edge and Google Chrome. This blog post aims to explain…

ASEC Weekly Malware Statistics (December 27th, 2021 – January 2nd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 27th, 2021 (Monday) to January 2nd, 2022 (Sunday). For the main category, info-stealer ranked top with 42.7%, followed by RAT (Remote Administration Tool) malware with 35.4%, downloader with 14.6%, ransomware with 4.9%, and DDoS with 2.4%. Top 1 – AgentTesla: AgentTesla ranked first place with 20.7%. It is an info-stealer malware that leaks…

Analysis Report on Kimsuky Group’s APT Attacks (AppleSeed, PebbleDash)

This document is an analysis report on types of malware recently utilized by the Kimsuky group. The Kimsuky group is mainly known for launching social engineering attacks such as spear phishing. Judging by the names of the attached files, the group seems to be targeting those working in the fields related to North Korea and foreign affairs. According to the scan logs of AhnLab’s ASD infrastructure, the threat group has been mainly targeting personal users rather than companies, but has…

Guide to Prevent Execution of Excel 4.0 Macro Malware – Microsoft Office 365 Product

Excel 4.0 macro (XLM) malware is an attack method that uses Microsoft Office Excel files, and it has been established as the new document malware flow following VBA (Visual Basic for Applications). Excel 4.0 macro malware uses the ‘macro sheet’ feature in Excel. Each cell in the Excel sheet is composed of a function flow that can be run. Excel 4.0 macro malware has been most actively used in the recent methods of malware distribution using MS Office files. The developer…

Distribution of Redline Stealer Disguised as Software Crack

In the previous blog post, the AhnLab ASEC analysis team mentioned malware that is found through searches for keywords such as cracks and serials of commercial software, urging users to take caution. While investigating a recent breach of a certain company’s internal network, the team discovered that the company was infected with Redline Stealer disguised as a crack for commercial software and had its VPN website and account credentials leaked. The company where the damage occurred provided…