njRAT Malware Distributed via Major Korean Webhard

njRAT malware is a RAT malware that steals user’s personal information and runs by receiving the attacker’s command. This malware is constantly being distributed to users in Korea. Upon analyzing the detection log, AhnLab ASEC team discovered that njRAT is mostly distributed via Webhard and torrent websites, disguised as ordinary file such as video games, authentication tools, and utilities. In most cases, PCs are infected with malware the moment the source program is run, making it difficult for users to…

AveMaria malware being distributed as spam mail

AveMaria is a RAT (Remote Administration Tool) malware with a remote control feature that receives commands from the C&C server and performs a variety of malicious behaviors. As shown in the weekly statistics below, it is not included in the Top 5, but it has consistently been taking up a certain percentage of the total. AveMaria malware has been distributed via spam mails similar to AgentTesla, Lokibot, and Formbook malware. Additionally, it is packeted and distributed in a form of…

How AgentTesla Malware is Being Distributed in Korea

Since early this year, cases of distribution of phishing emails that contain a malicious Powerpoint file (*.PPT) have been reported. ASEC analysis team has recently detected AgentTesla, a malware that is ultimately run via this attack method. In this report, our goal is to share information on this malware. In January 2020, an email that contained PPT with info-leaking malware, azorult, was distributed overseas. (Blog post:https://appriver.com/resources/blog/january-2020/powerpoint-malware-references-drake-lyrics-drop-lokibot-azorult) In July 2020, an info-leaking malware named AgentTesla was distributed using a distribution method…

Emotet is Back and Spamming Again!

Emotet is back after almost five months of absense. It disappeared in early February, 2020 and came back recently in July to resume it’s phishing campaigns. AhnLab Security Emergency-response Center(ASEC) has confirmed the return of Emotet malware through its blog on July 22nd. Emotet is an infamous botnet that is known for its phishing campaigns. Even after a five-month-long break, their old tricks of using phishing emails remained the same. Emotet’s phishing campaign can be primarily divided into three types:…

Distribution of Malicious Document File (XLS) Disguised as COVID-19 Predictions

While the battle against relentless waves of malware using the COVID-19 theme continues, AhnLab ASEC analysis team discovered another attack disguised as ‘COVID-19 Predictions’ to deceive users to open the email and the document file attached. It was distributed via a phishing email, and this email had a malicious excel document.  The excel file in the email has the number of confirmed COVID-19 cases by country. Any user who wishes to check the total number of the deceased has no…