Phishing Attacks Impersonating Famous Korean Banking Apps Posted By jcleebobgatenet , December 22, 2022 The ASEC analysis team recently identified that multiple malicious domains targeting normal websites of the financial sector had been created. From early November, we detected multiple distribution cases of phishing emails impersonating Naver Help. Through these, we had been monitoring the malicious URL that was included in these emails. The sender’s username was ‘Naver Center’ and the emails had a variety of topics to deceive users, including notifications for changes to contact details, creation of a new one-time password, login…
Qakbot Being Distributed via Virtual Disk Files (*.vhd) Posted By jcleebobgatenet , December 22, 2022 There’s been a recent increase in the distribution of malware using disk image files. Out of these, the Qakbot malware has been distributed in ISO and IMG file formats, and the ASEC analysis team discovered that it has recently changed its distribution to the use of VHD files. Such use of disk image files (IMG, ISO, VHD) is seen to be Qakbot’s method of bypassing Mark of the Web (MOTW). Disk image files can bypass the MOTW feature because when the files inside…
Vidar Stealer Exploiting Various Platforms Posted By jcleebobgatenet , December 22, 2022 Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. The link below is a post about a case where malicious behaviors were performed using Mastodon. Even afterward, Vidar saw continuous version updates while actively being distributed. In the recent samples in circulation, various other platforms such as Steam and TikTok were used aside from Telegram and Mastodon….
Nitol DDoS Malware Installing Amadey Bot Posted By Sanseo , December 22, 2022 The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides extorting user credentials, it can also be used for the purpose of installing additional malware. Amadey is being actively distributed again this year, and even until very recently, it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on…
ASEC Weekly Malware Statistics (December 5th, 2022 – December 11th, 2022) Posted By jcleebobgatenet , December 15, 2022 The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 5th, 2022 (Monday) to December 11th, 2022 (Sunday). For the main category, downloader ranked top with 44.3%, followed by Infostealer with 28.2%, backdoor with 18.3%, ransomware with 8.5%, and CoinMiner with 0.7%. Top 1 – Amadey This week, Amadey Bot ranked first place with 15.9%. Amadey is a downloader that can receive commands…
