ASEC Weekly Malware Statistics (July 18th, 2022 – July 24th, 2022)
Posted by jcleebobgatenet, July 28, 2022

The ASEC analysis team uses its automatic analysis system, RAPIT, to categorize and respond to known malware. This post lists the weekly statistics collected from July 18th, 2022 (Monday) to July 24th, 2022 (Sunday). Among the main categories, info-stealers ranked first with 44.7%, followed by backdoors with 40.3%, downloaders with 14.5%, and ransomware with 0.6%.

Top 1 – Agent Tesla
AgentTesla is an info-stealer that ranked first with 27.0%. It is an info-stealer that leaks user credentials…
Phishing Email Disguised as Korean Web Portal Page (Daum)
Posted by jcleebobgatenet, July 28, 2022

On July 21st, the ASEC analysis team discovered the distribution of a phishing email disguised as Daum, one of Korea's web portals. The email was made to resemble a request for a quotation by including "RFQ" in the subject, and it uses its attachment to lead the user to a phishing webpage. The attachment is an HTML file; opening it automatically redirects the user to the following URL.

hxxps://euoi8708twufevry4yuwfywe8y487r.herokuapp[.]com/sreverse.php

After the redirection, the phishing webpage (see Figure 3 on the left) disguised as…
Attackers Profiting from Proxyware
Posted by Sanseo, July 28, 2022

Proxyware is a program that shares part of the Internet bandwidth currently available on a system with others. Users who install the program are usually paid a certain amount of cash in exchange for providing the bandwidth. Companies that provide such a service include Peer2Profit and IPRoyal. They profit by selling the bandwidth to other companies, and they claim on their webpages to have various business partners that use the service for distributing software, investigating markets,…
AppleSeed Being Distributed to Maintenance Company of Military Bases
Posted by jcleebobgatenet, July 28, 2022

The ASEC analysis team has recently discovered a case of AppleSeed being distributed to a company that maintains military bases. AppleSeed is a backdoor mainly used by the Kimsuky group, and it has lately been distributed actively to multiple attack targets. In this case, the malware was distributed under a file name that references a military base.

20220713_**** base_installation planned dateV004_*** edited_6.xls

AppleSeed was distributed as an Excel file (XLS) protected with a password to…
IcedID Being Distributed Through ISO Files
Posted by jcleebobgatenet, July 25, 2022

The ASEC analysis team has introduced various types of malware distributed through ISO files, and it recently discovered IcedID (a modular banking malware) being distributed the same way. Two distribution methods were observed. The first uses the same method employed by the Bumblebee malware discussed in the previous post. The second is similar to the first but adds script files and a cmd command. The first type…