Distribution of Magniber Ransomware Stops (Since February 5th)

The ASEC analysis team constantly monitors ‘malvertising’, a term for the distribution of malware via online advertisement links in browsers. The team has recently discovered that Magniber ransomware, a typical malware distributed via malvertising, has stopped its distribution. In Internet Explorer, Magniber's malvertising attempts to infect the target merely upon access, through a vulnerability, and in Chromium-based browsers (e.g. Edge, Chrome), it disguises itself as a browser update installer (.appx) and prompts the…

ASEC Weekly Malware Statistics (February 7th, 2022 – February 13th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 7th, 2022 (Monday) to February 13th, 2022 (Sunday). For the main category, info-stealer ranked top with 62.3%, followed by banking malware with 18.6%, RAT (Remote Administration Tool) with 13.6%, downloader with 3.4%, and ransomware with 1.3%.

Top 1 – AgentTesla

AgentTesla ranked first place with 30.9% once again. It is an info-stealer malware…

ASEC Weekly Malware Statistics (January 31st, 2022 – February 6th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 31st, 2022 (Monday) to February 6th, 2022 (Sunday). For the main category, info-stealer ranked top with 61.6%, followed by RAT (Remote Administration Tool) malware with 18.9%, banking malware with 11.3%, ransomware with 4.4%, and downloader with 3.8%.

Top 1 – AgentTesla

AgentTesla ranked first place with 40.3% once again. It is an info-stealer…

Emotet Being Distributed in Korea via Excel Files

The ASEC analysis team has recently discovered the active distribution of malicious Excel files that download Emotet. The team introduced this type of malware last month in the post ‘Emotet Being Distributed Using Excel Files’. At that time, only Excel files that use macro sheets were found, but recently, there have been types that perform malicious behaviors using VBA macros. The distributed email had a compressed file as an attachment, and it contained an Excel file that…

Phishing Email Disguised as a Well-Known Korean Web Portal

The ASEC analysis team has recently discovered a phishing email that impersonates a well-known Korean web portal to collect user credentials. The phishing email demands that users upgrade their mailbox storage, prompting them to click the link. Upon clicking the link, the user is redirected to a phishing page that prompts them to enter their password. The figure below shows the subject and the details of the email, and the link redirects the user to the phishing page….