ASEC Weekly Malware Statistics (March 21st, 2022 – March 27th, 2022)
Posted By jcleebobgatenet, March 30, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 21st, 2022 (Monday) to March 27th, 2022 (Sunday). For the main category, info-stealer ranked top with 75.4%, followed by RAT (Remote Administration Tool) with 16.7%, downloader with 4.8%, banking malware with 2.4%, and ransomware with 0.8%.
Top 1 – AgentTesla
AgentTesla ranked first place with 25.4%. It is an info-stealer that leaks user credentials…

Malicious Word File Targeting Corporate Users Being Distributed
Posted By jcleebobgatenet, March 30, 2022
The ASEC analysis team discovered a Word file that seems to target corporate users. Like other malicious files, it contains an image that prompts users to enable macros. To trick users into thinking that this is an innocuous file, it shows information related to improving Google account security when the macro is run. Ultimately, it downloads additional malware files and leaks user information. When the file is run, it shows a warning image that mentions ‘file created in public…

ASEC Weekly Malware Statistics (March 14th, 2022 – March 20th, 2022)
Posted By jcleebobgatenet, March 30, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 14th, 2022 (Monday) to March 20th, 2022 (Sunday). For the main category, info-stealer ranked top with 70.0%, followed by RAT (Remote Administration Tool) with 19.8%, downloader with 5.7%, banking malware with 3.6%, CoinMiner with 0.4%, and backdoor with 0.4%.
Top 1 – Formbook
Formbook ranked first place with 26.3%. Like other info-stealers, it is…

VBS Script Disguised as PDF File Being Distributed (Kimsuky)
Posted By jcleebobgatenet, March 28, 2022
On March 23rd, the ASEC analysis team discovered APT attacks, launched by an attack group presumed to be Kimsuky, that targeted certain Korean companies. When the script file with the VBS extension is run, the malware opens an innocuous PDF file embedded within it to trick the user into thinking that they opened an innocuous document file, and uses a malicious DLL file to leak information. Taking the PDF file into consideration, it seems the attacker is targeting precise-refinement industries….

BitRAT Disguised as Office Installer Being Distributed
Posted By jcleebobgatenet, March 28, 2022
The ASEC analysis team previously uploaded a post about BitRAT being distributed disguised as a Windows OS license verification tool. BitRAT is now being distributed as an Office Installer with different files, preying upon potential victims. The following image shows a post that contains the malware. It is titled, [New][Cheap]Office 2021 Installer + Permanent License Verification. The downloaded file is a compressed file named ‘Program.zip’, just like the one introduced in the previous blog post (see Figure 3…