AgentTesla Being Distributed via More Sophisticated Malicious PowerPoint Files

The ASEC analysis team has introduced malicious PowerPoint files that have been continuously distributed since last year. Recently, the team discovered that various malicious features were added to the script that is run in the malicious PowerPoint file. The way the malicious file is run remains the same as in the previous cases, and it performs features such as Anti-AV, UAC Bypass, and execution of additional malware through a malicious script. When the PowerPoint file is run, a security…

Distribution of Phishing Emails Targeting Korean Research Institutes and Companies

The ASEC analysis team has discovered the distribution of phishing emails targeting Korean research institutes and companies to steal passwords. The phishing email impersonated an international transport company, requesting that the user submit custom information and open the attachment file, which prompts the user to click the URL. Upon clicking the link in the email, the user is redirected to a phishing page that prompts the user to enter their password. As the team has also discovered cases of distribution…

ASEC Weekly Malware Statistics (November 22nd, 2021 – November 28th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 22nd, 2021 (Monday) to November 28th, 2021 (Sunday). For the main category, downloader ranked top with 31.7%, followed by infostealer with 23.7%, CoinMiner with 22.0%, RAT (Remote Administration Tool) with 21.5%, ransomware with 0.8%, and banking malware with 0.2%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that has taken first…

Distribution of Malicious Excel Files Targeting Companies Amid Black Friday Season

Malicious Excel files are being distributed to companies amid the Black Friday season. The email confirmed today (Nov 25th) is an email reported by the attacked company in Korea. Attached to the email is an Excel file that contains an Excel 4.0 Macro (XLM) macro sheet in the form of the XLSB Excel binary. It checks whether the system is a domain controller, then activates additional malicious features. The filename of the attached Excel file has a format of ‘promo…

ASEC Weekly Malware Statistics (November 15th, 2021 – November 21st, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 15th, 2021 (Monday) to November 21st, 2021 (Sunday). For the main category, downloader ranked top with 31.0%, followed by infostealer with 29.1%, RAT (Remote Administration Tool) malware with 19.0%, CoinMiner with 15.7%, banking malware with 2.5%, backdoor malware with 2.2%, and ransomware with 0.5%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader…