DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards

While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP RAT were distributed in the past (see "UDP RAT Malware Being Distributed via Webhards"). The cases that are recently being discovered are similar to the case discussed in the post above, and it appears that the…

ASEC Weekly Malware Statistics (January 3rd, 2022 – January 9th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 3rd, 2022 (Monday) to January 9th, 2022 (Sunday). For the main category, info-stealer ranked top with 54.2%, followed by RAT (Remote Administration Tool) malware with 30.1%, downloader with 12.0%, ransomware with 2.4%, and backdoor with 1.2%. Top 1 – AgentTesla: AgentTesla ranked first place with 28.9% once again. It is an info-stealer malware…

Infostealer Disguised as Well-Known Korean Web Portal File

The ASEC analysis team has discovered an infostealer-type malware disguised as a file related to a Korean web portal. The team found the NAVER.zip file at the malicious URL used in recent phishing emails, with the compressed file including an executable named ‘NaverProtector.exe’. The email with the malicious URL contains information about a Kakao account as shown below. When users click the <Lift Protection> button, they are redirected to hxxp://mail2.daum.confirm-pw[.]link/kakao/?email=[email address] and will have their account credentials stolen by the…

Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome

The ASEC analysis team has been continuously monitoring Magniber, ransomware that is distributed via Internet Explorer (IE) vulnerabilities. For the last couple of years, the attacker behind Magniber has been exploiting IE vulnerabilities to deploy ransomware. And as shown in the previous blog below, it is still being distributed by exploiting the IE vulnerabilities. What’s new, however, is that Magniber’s distribution has been confirmed on browsers other than IE: Microsoft Edge and Google Chrome. This blog post aims to explain…

ASEC Weekly Malware Statistics (December 27th, 2021 – January 2nd, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 27th, 2021 (Monday) to January 2nd, 2022 (Sunday). For the main category, info-stealer ranked top with 42.7%, followed by RAT (Remote Administration Tool) malware with 35.4%, downloader with 14.6%, ransomware with 4.9%, and DDoS with 2.4%. Top 1 – AgentTesla: AgentTesla ranked first place with 20.7%. It is an info-stealer malware that leaks…