Hakuna Matata Ransomware Targeting Korean Companies

Recently, AhnLab Security Emergency response Center (ASEC) has identified that the Hakuna Matata ransomware is being used to attack Korean companies. Hakuna Matata is a ransomware that has been developed relatively recently. The first report related to Hakuna Matata was identified on July 6th, 2023 on Twitter. [1] On July 14th, 2023, a post by a threat actor promoting Hakuna Matata on the dark web was shared on Twitter as well. [2] Also, out of the ransomware strains uploaded on VirusTotal,…

GuLoader Malware Disguised as Tax Invoices and Shipping Statements (Detected by MDS Products)

AhnLab Security Emergency response Center (ASEC) has identified GuLoader being distributed as email attachments disguised as tax invoices and shipping statements. The recently identified GuLoader variant was included in a RAR (Roshal Archive Compressed) file. When a user executes GuLoader, it ultimately downloads known malware strains such as Remcos, AgentTesla, and Vidar. AhnLab’s MDS products provide a Mail Transfer Agent (MTA) feature to block malware distributed via email. Figure 3 below shows the GuLoader malware detection…

V3 Detects and Blocks Magniber Ransomware Injection (Direct Syscall Detection)

The Magniber ransomware is consistently being distributed at high volumes. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware has been distributed with filenames disguised as a Windows security update package (e.g. ERROR.Center.Security.msi) in Edge and Chrome browsers. Magniber currently injects the ransomware into a running process, and this process then causes damage by encrypting the user’s files. This post…

Changes Detected in CHM Malware Distribution

AhnLab Security Emergency response Center (ASEC) has previously covered a CHM malware type impersonating Korean financial institutes and insurance companies. Recently, the execution method of this malware type has been changing every week. This post will cover how the changed execution processes of the CHM malware are recorded in AhnLab’s EDR products. Figure 1 shows the EDR detection diagram for the execution method of the CHM malware impersonating financial institutes and insurance companies. The diagram for the initial distribution…

Malware Disguised as Normal Installation File of a Korean Development Company – EDR Detection

AhnLab Security Emergency response Center (ASEC) has previously covered the malware that is generated by the installation file of a Korean program development company. When malware is distributed alongside an installation file, users will struggle to notice that malware is being executed concurrently. Additionally, because it operates in a fileless format by being injected into a normal program, signature-based anti-malware products find it difficult to detect such malware. However, Endpoint Detection & Response (EDR), which records and…