ASEC Weekly Malware Statistics (March 7th, 2022 – March 13th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 7th, 2022 (Monday) to March 13th, 2022 (Sunday). For the main category, info-stealer ranked top with 71.2%, followed by RAT (Remote Administration Tool) with 12.4%, downloader with 6.8%, banking malware with 5.9%, ransomware with 2.7%, and backdoor with 0.3%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first place with 29.4%…

Malicious Word Files Disguised as Product Introduction

The ASEC analysis team has discovered a Word document that is in the same category as the document introduced in the post <Word File Disguised as a Design Modification Request for Information Theft>, uploaded in December last year. The title of the document confirmed in this case is ‘Product Introduction.doc’. Given that the document includes descriptions for certain products, the attacker likely targeted companies related to distribution and shopping. The document contains an image that is the same as the…

Gh0stCringe RAT Being Distributed to Vulnerable Database Servers

The ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers (MS-SQL, MySQL servers). This blog will explain the RAT malware named Gh0stCringe[1]. Gh0stCringe, also known as CirenegRAT, is one of the malware variants based on the code of Gh0st RAT. It was first discovered in December 2018, and it is known to have been distributed via an SMB vulnerability (using the SMB vulnerability tool of ZombieBoy).[2] Since then, no direct relationship has been found, but it was mentioned…

ASEC Weekly Malware Statistics (February 28th, 2022 – March 6th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 28th, 2022 (Monday) to March 6th, 2022 (Sunday). For the main category, info-stealer ranked top with 67.0%, followed by RAT (Remote Administration Tool) malware with 19.0%, downloader with 6.8%, banking malware with 4.1%, ransomware with 2.7%, and backdoor with 0.5%. Top 1 – Formbook: Formbook is an infostealer that ranked first place with 28.1%…

Infostealer Being Distributed via YouTube

The ASEC analysis team has recently discovered an infostealer that is being distributed via YouTube. The attacker disguised the malware as a game hack for Valorant, and uploaded the following video with the download link for the malware, then guided the user to turn off the anti-malware program. The team has introduced another case of distribution disguised as a game hack or crack via YouTube in a previous ASEC blog post. When users click the link to download the game…