ASEC Weekly Malware Statistics (January 17th, 2022 – January 23rd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 17th, 2022 (Monday) to January 23rd, 2022 (Sunday). For the main category, info-stealer ranked top with 64.4%, followed by RAT (Remote Administration Tool) malware with 19.8%, banking malware with 7.9%, downloader with 3.5%, ransomware with 3.0%, and coinminer with 1.5%. Top 1 – AgentTesla: AgentTesla ranked first place with 29.7% once again. It…

Phishing Script Files Being Distributed by Impersonating Various Groupware

The ASEC analysis team introduced ‘phishing websites targeting Korean email service users’ in May of last year through the TI analysis report and an ASEC blog post. The team showed back then how the attackers leaked user credentials, targeting users of NAVER WORKS, MAILPLUG, hiworks, Chollian, and Daum. Files that disguise themselves as a company groupware login webpage to leak user account credentials are one of the common phishing types that have been distributed, with slight changes occurring in email title, content, name of…

Vidar Exploiting Social Media Platform (Mastodon)

The ASEC analysis team has recently discovered that Vidar is exploiting a social media platform named Mastodon to create C&C server addresses. Vidar is an info-stealer malware installed through spam emails and PUP, sometimes being disguised as a KMSAuto authenticator tool. It has been distributed consistently over time, and there was a recent case of it being installed through other types of malware such as Stop ransomware. When Vidar is run, it first accesses the C&C server to receive…

Emotet Being Distributed Using Excel Files

The ASEC analysis team has discovered the constant distribution of Excel files that started last month. These files are made to download Emotet, and they prompt users to enable macros (see figure below). As the files have Auto_Open designated in the macro name box for a cell that exists in a hidden sheet, the formula in the cell is automatically run when the user clicks the Enable Content button. The cell designated with Auto_Open contains a command that runs mshta…

ASEC Weekly Malware Statistics (January 10th, 2022 – January 16th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 10th, 2022 (Monday) to January 16th, 2022 (Sunday). For the main category, info-stealer ranked top with 55.1%, followed by RAT (Remote Administration Tool) malware with 38.2%, downloader with 3.9%, ransomware with 1.4%, and backdoor with 1.4%. Top 1 – AgentTesla: AgentTesla ranked first place with 28.0% once again. It is an info-stealer malware…