ASEC Weekly Malware Statistics (June 28th, 2021 – July 4th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 28th, 2021 (Monday) to July 4th, 2021 (Sunday). For the main category, info-stealer ranked top with 67%, followed by RAT (Remote Administration Tool) malware with 13.5%, CoinMiner with 7.0%, downloader with 5.9%, DDoS with 3.4%, and ransomware with 3.1%.

Top 1 – AgentTesla

AgentTesla was ranked first place with 15.8%. It is an…

Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)

Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via the IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports involving Magniber ransomware in Korea. Because it is distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial for IE users to apply the security patch. Currently, V3 products can detect and block the latest Magniber ransomware using the ‘Behavior Detection’ feature. Figure 1 shows the infection process of…

ASEC Weekly Malware Statistics (June 21st, 2021 – June 27th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 21st, 2021 (Monday) to June 27th, 2021 (Sunday). For the main category, info-stealer ranked top with 68.2%, followed by RAT (Remote Administration Tool) malware with 21.7%, DDoS with 3.9%, downloader with 3.1%, and ransomware with 2.2%.

Top 1 – AgentTesla

AgentTesla was ranked first place with 21.2%. It is an info-stealer malware…

Info-Stealer Malware Disguised as Illegal Pornography Being Distributed via Discord

The ASEC analysis team recently found an info-stealing malware that is being distributed via the Discord messenger. The malware, which is spread through Discord, uses the Discord API to send the stolen information to the attacker. This Discord-based method was previously covered on the ASEC blog: https://asec.ahnlab.com/en/19343/ The Discord server that distributes the malware sells and distributes illegal pornography. The creator of the malware, who is also the administrator of the server, uploads a compressed file in the server’s ‘Free Porn’…

ASEC Weekly Malware Statistics (June 14th, 2021 – June 20th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 14th, 2021 (Monday) to June 20th, 2021 (Sunday). For the main category, info-stealer ranked top with 79.6%, followed by RAT (Remote Administration Tool) malware with 18.5%, and downloader with 1.9%.

Top 1 – AgentTesla

AgentTesla was ranked first place with 22.0%. It is an info-stealer malware that leaks user information saved in web…