ASEC Weekly Malware Statistics (August 8th, 2022 – August 14th, 2022)

Posted By ,

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 8th, 2022 (Monday) to August 14th, 2022 (Sunday). For the main category, info-stealer ranked top with 41.9%, followed by backdoor with 38.4%, downloader with 16.8%, ransomware with 2.2%, and CoinMiner with 0.6%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.1%. It is an info-stealer that leaks…

ASEC Weekly Malware Statistics (August 1st, 2022 – August 7th, 2022)

Posted By ,

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from August 1st, 2022 (Monday) to August 7th, 2022 (Sunday). For the main category, info-stealer ranked top with 47.4%, followed by backdoor with 22.6%, downloader with 20.0%, ransomware with 6.8%, banking with 2.6%, and CoinMiner with 0.5%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 25.8%. It is…

Monero CoinMiner Being Distributed via Webhards

Posted By ,

Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past. Generally, attackers distribute malware with illegal programs such as adult games and crack versions of games. Those who use webhards as a distribution path typically install RAT type malware such as njRAT, UdpRAT, and DDoS IRC Bot. The team has recently discovered the…

ASEC Weekly Malware Statistics (July 25th, 2022 – July 31st, 2022)

Posted By ,

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from July 25th, 2022 (Monday) to July 31st, 2022 (Sunday). For the main category, info-stealer ranked top with 38.6%, followed by backdoor with 38.1%, and downloader with 23.3%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.8%. It is an info-stealer that leaks user credentials saved in web…

Gwisin Ransomware Targeting Korean Companies

Posted By ,

The cases of Gwisin ransomware attacking Korean companies are recently on the rise. It is being distributed to target specific companies. It is similar to Magniber in that it operates in the MSI installer form. Yet unlike Magniber which targets random individuals, Gwisin does not perform malicious behaviors on its own, requiring a special value for the execution argument. The value is used as key information to run the DLL file included in the MSI. As such, the file alone…