Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection

Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using external connection has been increasing exponentially. As the attacker uses normal XML Relationship of OOXML (Office Open XML) format and uses malicious URL for only the target address, it is…

[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!

ASEC analysis team has recently discovered ransomware disguised as job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The distributed e-mails had titles with names which can be perceived as the applicant’s name, and compressed attachments. The names of the distributed files are as follows: ● ResumeandPortfolio_210412 (If you…

Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)

Starting from March 2021, Magniber ransomware that operates in a fileless form has used the script that utilizes CVE-2021-26411 vulnerability instead of using CVE-2020-0968 vulnerability. There are still numerous damage reports that involve Magniber ransomware in Korea, and as the malware is being distributed via IE vulnerability (CVE-2021-26411), it is absolutely crucial for users of IE to apply the security patch. Detecting and blocking the latest Magniber is possible with V3’s ‘Process Memory Scan’ feature. Magniber ransomware infects via IE browser…

Snake Keylogger Being Distributed via Spam E-mails

Recently, there has been an exponential increase in the distribution of Snake Keylogger via spam e-mails. Snake Keylogger is an info-leaking malware that is developed with .NET, and as seen from the weekly statistics below, it consecutively made its way into the Top 5 malware as of recent. Considering the fact that it’s an info-stealing malware that is mostly distributed via spam e-mails, it is similar to that of AgentTesla malware. Like AgentTesla, Snake Keylogger also supports info-leaking feature through…

Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question

Previously, ASEC analysis team discovered the surge in the distribution of malicious Word files containing North Korea-related materials and shared detailed information about this trend. And today, ASEC analysis team has discovered the distribution of malware disguised as HWP files that contain North Korea-related questions. Judging by the information within the HWP file, the malware developer must have modified the document with North Korea-related questions that were used on December 15, 2020, during the debate on North Korea. This malicious HWP…