Snake Keylogger Being Distributed via Spam E-mails

Recently, there has been an exponential increase in the distribution of Snake Keylogger via spam e-mails. Snake Keylogger is an info-leaking malware developed with .NET, and as seen from the weekly statistics below, it has recently made its way into the Top 5 malware for consecutive weeks. As an info-stealing malware that is mostly distributed via spam e-mails, it is similar to AgentTesla. Like AgentTesla, Snake Keylogger also supports an info-leaking feature through…

Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question

Previously, the ASEC analysis team discovered a surge in the distribution of malicious Word files containing North Korea-related materials and shared detailed information about this trend. Today, the ASEC analysis team has discovered the distribution of malware disguised as HWP files that contain North Korea-related questions. Judging by the information within the HWP file, the malware developer must have modified the document with North Korea-related questions that were used on December 15, 2020, during the debate on North Korea. This malicious HWP…

Analysis of Dridex Malware Distribution Method Armed with Bypass Detection

Dridex, also known as Cridex and Bugat, is a typical info-stealing malware that steals financial information. It is distributed on a massive scale by cybercrime organizations, and it mainly uses macros within Microsoft Office Word or Excel document files that are included in spam mails. The most noticeable characteristic of Dridex malware is that it operates by modularizing files depending on features such as downloader, loader, and botnet. As such, there have been cases of ransomware such as DoppelPaymer or…

Distribution of Malicious Word Document Disguised as a Military Security Monthly Magazine (April 2021)

On March 29th, the ASEC analysis team introduced malicious Word documents containing North Korea-related materials. Upon opening the file, it connects to the ‘External URL’ written within XML and downloads additional files. Recently, the team found that malicious Word documents using this method and disguised as a military security monthly magazine (April 2021) are currently being distributed. The names of the files are as follows: MonthlyKIMA2021_AprilMilitarySecurity0330.docx, MonthlyKIMA2021_AprilMilitarySecurity0331.docx. The document file is protected, and upon unlocking the…

Malicious Word File Disguised as Compensation Request Form (External Connection + VBA Macro)

With malicious document files being distributed in various document formats such as HWP, DOC, XLSX, and PDF, it is safe to say that document-based malware has become a new trend among attackers. In response to this trend, the ASEC analysis team has been publishing various articles containing related information on our blog. Today, the ASEC analysis team will share information on a newly found malicious Word document file. This malicious Word document file takes the form of a ‘Compensation Request…