Phishing Site Targeting Domestic E-mail Service Users (Part 2)

The ASEC analysis team has been sharing information about various phishing e-mails in the ASEC blog. This time, the team aims to inform users about another discovered phishing site that targets domestic e-mail service users to distribute malware. The recently confirmed phishing site targets Naver Mail (mail.naver), Daum Mail (mail2.daum), and hiworks users to collect their information such as IDs, passwords, and user IPs. It then sends the information to the attacker’s e-mail. The top-level domain hxxp://za***if***i**pl*ce[.]com/ takes the form…

ASEC Weekly Malware Statistics (June 7th, 2021 – June 13th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 7th, 2021 (Monday) to June 13th, 2021 (Sunday). For the main category, info-stealer ranked top with 67.7%, followed by RAT (Remote Administration Tool) malware with 20.3%, banking malware with 8.8%, and downloader with 2.2%. Ransomware did not make it to the main category due to a reduction in the number of cases….

Caution! Malicious Excel Macros Being Distributed Indiscriminately Through Emails!

The ASEC analysis team discovered that Excel files containing the same type of malicious macros are being distributed indiscriminately through emails. Such Excel files contain macros that additionally download malware. Recently, it was found that threatening text and malicious Excel macro files were added to reply mails targeting random people. One feature that the three collected emails share is that they all disguise themselves as reply mails and distribute malicious macro Excel files. In the example of Figure 3, the…

Caution! Phishing Mails Exploiting URL Shortener and Impersonating Organizations

The ASEC analysis team has been continuously updating the blog with information about phishing mails and urging users to take caution. Recently, the team confirmed a massive distribution of phishing mails with attachments that are assumed to be of the same type. While the HTML structure of the final phishing site differs for each phishing mail of this type, the structures of the HTML attachments that redirect users are the same, and the URLs of the…

ASEC Weekly Malware Statistics (May 31st, 2021 – June 6th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 31st, 2021 (Monday) to June 6th, 2021 (Sunday). For the main category, info-stealer ranked top with 82.5%, followed by RAT (Remote Administration Tool) malware with 16.0%, and downloader with 1.5%. Banking malware and ransomware were excluded due to a decrease in the number of cases. Top 1 – AgentTesla AgentTesla was ranked first place…