ASEC Weekly Malware Statistics (September 5th, 2022 – September 11th, 2022)
Posted By jcleebobgatenet, September 21, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from September 5th, 2022 (Monday) to September 11th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.1%, followed by downloader with 32.7%, backdoor with 12.5%, and ransomware with 7.7%.
Top 1 – GuLoader
GuLoader, which ranked first place with 21.1%, is a downloader malware that downloads additional malware and runs it. It…
Change in Magniber Ransomware (*.cpl → *.jse) – September 8th
Posted By jcleebobgatenet, September 15, 2022
After Magniber changed its method of distribution from an MSI format to a CPL format on July 20th, its distribution activity has been observed to decrease as of mid-August. While continuously monitoring for changes, the ASEC analysis team found that the distribution format of Magniber has changed from *.CPL (DLL type) to *.JSE (script) format starting from September 8th, 2022. As Magniber is one of the most damaging ransomware strains for Korean users and is employing various methods to bypass…
Phishing Websites Disguised as Korean Groupware Login Website Being Distributed
Posted By jcleebobgatenet, September 14, 2022
The ASEC analysis team has been building a honeypot to collect various malware strains that are being distributed both in Korea and overseas. The honeypot also collects phishing emails and recently caught one targeting Korean users, which has been distributed continuously, and only to Korean email accounts, since August. The phishing website the email redirects to is disguised as a login page for a Korean groupware site, and over 2,500 cases of access to the website were confirmed. Thus users must…
ASEC Weekly Malware Statistics (August 29th, 2022 – September 4th, 2022)
Posted By jcleebobgatenet, September 14, 2022
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 29th, 2022 (Monday) to September 4th, 2022 (Sunday). For the main category, info-stealer ranked top with 45.9%, followed by downloader with 28.1%, backdoor with 18.5%, ransomware with 6.2%, and CoinMiner and banking malware with 0.7% each.
Top 1 – GuLoader
GuLoader, which ranked first place with 22.6%, is a downloader malware that…
HWP File Disguised as Personal Profile Form (OLE Object)
Posted By minakg1217, September 5, 2022
The ASEC analysis team has recently identified a malicious HWP file that exploits OLE objects and Flash vulnerabilities. The file uses a malicious URL identified in 2020. This URL hosts a file that exploits a Flash vulnerability (CVE-2018-15982), so users should take caution. The identified HWP file includes OLE objects, and the corresponding files are generated in the %TEMP% folder when the HWP file is opened. The created files are shown below. The HWP file does not directly use previously known files…