ASEC Weekly Phishing Email Threat Trends (January 1st, 2023 – January 7th, 2023) Posted By jcleebobgatenet , January 17, 2023 The ASEC analysis team monitors phishing email threats with the ASEC automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the week from January 1st, 2023 to January 7th, 2022 and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods. On a broader note, the act…
Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers) Posted By jcleebobgatenet , January 17, 2023 On January 8th, the ASEC analysis team identified the distribution of a document-type malware targeting workers in the security field. The obtained malware uses an external object within a Word document to execute an additional malicious macro. Such a technique is called the template Injection method. and a similar attack case was covered in a previous blog post. When the Word document is opened, it downloads and executes an additional malicious Word macro document from the threat actor’s C&C server….
Phishing Web Server Identified Through an Impostor National Tax Service Email Posted By jcleebobgatenet , January 17, 2023 The ASEC analysis team recently discovered that a phishing email impersonating the National Tax Service was being distributed. This phishing email emphasizes the urgency of the company email password expiring on the same day, and it is being sent with a message urging recipients to extend their password duration before the account is locked. Figure 1. Original email Figure 2. Phishing site for entering account information Figure 3. Source code of the login page Clicking the hyperlink inserted to the…
ASEC Weekly Malware Statistics (January 2nd, 2023 – January 8th, 2023) Posted By jcleebobgatenet , January 13, 2023 The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 2nd, 2023 (Monday) to January 8th, 2023 (Sunday). For the main category, downloader ranked top with 55.9%, followed by Infostealer with 21.3%, backdoor with 14.2%, ransomware with 7.9%, and CoinMiner with 0.8%. Top 1 – BeamWinHTTP BeamWinHTTP is a downloader malware that ranked top with 32.3%. The malware is distributed via malware disguised…
Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack Posted By Sanseo , January 13, 2023 The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware distributed by the threat actor has a similar form as those of the past, except for the fact that Orcus RAT was used instead of BitRAT. Furthermore, the new malware…
