Distribution of ClipBanker Disguised as Malware Creation Tool
Posted By Sanseo, March 23, 2022
The ASEC analysis team has recently discovered a distribution of ClipBanker disguised as a malware creation tool. ClipBanker is malware that monitors the clipboard of the infected system. If a coin wallet address string is copied, the malware replaces it with the address designated by the attacker. This type of malware has been distributed continuously for some time. The website that distributes ClipBanker is called ‘Russia black hat’ as shown below. It has various programs related to…

APT Attack Being Distributed as Windows Help File (*.chm)
Posted By jcleebobgatenet, March 22, 2022
The ASEC analysis team has recently discovered the distribution of malware disguised as a Windows Help File (*.chm), specifically targeting Korean users. The CHM file is a compiled HTML Help file that is executed via the Microsoft® HTML help executable program. The recently discovered CHM file downloads additional malicious files when run. A window that contains ordinary content is shown during this process, tricking the user into thinking that the file may not be malicious. The malware is compressed and…

BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
Posted By Sanseo, March 21, 2022
The ASEC analysis team has recently discovered BitRAT, which is being distributed via webhards. Because the attacker disguised the malware as a Windows 10 license verification tool from the development stage, users who download illegal crack tools from a webhard and install them to verify their Windows license are at risk of having BitRAT installed on their PC. The following shows a post uploaded to a webhard that harbors the malware. The title is [New][Quick Install]Windows License Verification[One-click]. A compressed file…

ASEC Weekly Malware Statistics (March 7th, 2022 – March 13th, 2022)
Posted By jcleebobgatenet, March 18, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from March 7th, 2022 (Monday) to March 13th, 2022 (Sunday). For the main category, info-stealer ranked first with 71.2%, followed by RAT (Remote Administration Tool) with 12.4%, downloader with 6.8%, banking malware with 5.9%, ransomware with 2.7%, and backdoor with 0.3%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 29.4%….

Malicious Word Files Disguised as Product Introduction
Posted By jcleebobgatenet, March 17, 2022
The ASEC analysis team has discovered a Word document that is in the same category as the document introduced in the post <Word File Disguised as a Design Modification Request for Information Theft>, uploaded in December last year. The title of the document confirmed in this case is ‘Product Introduction.doc’. Given that the document includes descriptions for certain products, the attacker likely targeted companies related to distribution and shopping. The document contains an image that is the same as the…