Malware Being Sneakily Installed in My PC-BeamWinHTTP Malware

The weekly malware statistics which ASEC analysis team uploads every week show that the number of occurrences for a downloader type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3 most distributed malware. Since it downloads various types of malware when run, users must take extra caution. BeamWinHTTP malware is executed by a PUP installer, and users who attempt to…

Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer)

ASEC analysis team has confirmed the malware under the disguise of a resume is still being distributed. This time, it disguised as resume and copyright-related files. The file that is being recently distributed also takes the form of NSIS (Nullsoft Scriptable Install System) and is being distributed under various filenames as translated below. Outline on the original image (the image I created) and the image you are currently using.exe You have violated copyright laws and here is the summary of…

Received Estimate/Purchase Order Email? Take Caution When Opening Them!

With the start of 2021, malicious emails disguised as business emails are being discovered as numerous companies have started their business. Thus, users must remain vigilant when opening email. The discovered attacks used e-mails disguised as business-related content, such as ‘estimate request’ or ‘purchase orders,’ with malicious files attached. Upon running the attachment file, the user either gets directed to a phishing site that requires account information, or gets infected with info theft malware.  In January and February this year, ASEC has discovered numerous cases of e-mails disguised as ‘estimate request’ or ‘purchase order’ to attempt to steal user’s info. The email was written in quite fluent Korean, and it had the phrase ‘Please check the attached file.’ written in…

Distribution of Malware Disguised as ‘2021 Ministry of National Defense Work Report Revised’

On January 24, ASEC discovered the distribution of malware disguised as ‘2021 Ministry of National Defense Work Report Revised.’ As shown below, the extension of the distributed malware is *.pif, but it is an executable file just like the EXE extension. Once run, a file that is identical to that of a PDF document file accessible on the website of Ministry of National Defense is shown to the user. However, it is designed to run malware (DLL format) along with…

BlueCrab Ransomware Installing Hacking Tool CobaltStrike in Corporate Environments

The ASEC analysis team confirmed that during the BlueCrab ransomware (=Sodinokibi, REvil) infection process, which is distributed in JS form, the CobaltStrike hacking tool was distributed under certain conditions. CobaltStrike hacking tool is a limited tool used for mock hacking test purposes under legitimate purposes; however, it has been actively used in malware since the recent source code leak. Since recently confirmed BlueCrab ransomware distribution JS file checks the corporate Active Directory (AD) environment and installs the CobaltStrike hacking tool…