Reptile Malware Targeting Linux Systems
Posted By Sanseo, August 3, 2023
Reptile is an open-source kernel module rootkit that targets Linux systems and is publicly available on GitHub. [1] Rootkits are malware that possess the capability to conceal themselves or other malware. They primarily target files, processes, and network communications for their concealment. Reptile’s concealment capabilities include not only its own kernel module but also files, directories, file contents, processes, and network traffic. Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse…

Sliver C2 Being Distributed Through Korean Program Development Company
Posted By Sanseo, August 1, 2023
In the past, AhnLab Security Emergency response Center (ASEC) had shared the “SparkRAT Being Distributed Within a Korean VPN Installer” [1] case post and the “Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections” [2] case post, which covered the SparkRAT malware being distributed through a Korean VPN service provider’s installer. ASEC has recently identified similar malware strains being distributed while disguised as setup files for Korean VPN service providers and marketing program producers. Unlike the past…

Infostealer Distributed via CHM Files
Posted By eastston, July 28, 2023
AhnLab Security Emergency response Center (ASEC) previously covered CHM-type malware strains impersonating security companies and financial institutes. This post will cover recently identified CHM strains impersonating Korean financial institutes and insurance companies, as they were found being distributed to steal information. The distribution occurred on the 17th (Monday), when statements are regularly sent to users whose payment schedule to financial institutes falls on the 25th of each month. It is certainly possible for those who have the same schedule to…

CHM Impersonates Korean Financial Institutes and Insurance Companies
Posted By gygy0101, July 28, 2023
In March, AhnLab Security Emergency response Center (ASEC) covered a CHM-type malware impersonating security emails from financial institutes. This post will cover the recently identified distribution of CHM-type malware using a similar method of impersonating Korean financial institutes and insurance companies. The CHM file is in a compressed file (RAR) format. Upon execution, it displays the following help screens. These are all guides disguised as being sent from Korean financial institutes and insurance companies and include content such as “credit…

PurpleFox Being Distributed via MS-SQL Servers
Posted By muhan, July 24, 2023
Using AhnLab Smart Defense (ASD) infrastructure, AhnLab Security Emergency response Center (ASEC) has recently discovered the PurpleFox malware being installed on poorly managed MS-SQL servers. PurpleFox is a Loader that downloads additional malware and is known to mainly install CoinMiners. Particular caution is advised because the malware also includes a rootkit feature to conceal itself. The initial infiltration method of the recently identified PurpleFox malware involves targeting poorly managed MS-SQL servers. The threat actor executed PowerShell through sqlservr.exe, which is…