ASEC Weekly Malware Statistics (June 21st, 2021 – June 27th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 21st, 2021 (Monday) to June 27th, 2021 (Sunday). For the main category, info-stealer ranked top with 68.2%, followed by RAT (Remote Administration Tool) malware with 21.7%, DDoS with 3.9%, downloader with 3.1%, and ransomware with 2.2%. Top 1 – AgentTesla: AgentTesla was ranked first place with 21.2%. It is an info-stealer malware…

Info-Stealer Malware Disguised as Illegal Pornography Being Distributed via Discord

The ASEC analysis team recently found an info-stealing malware that is being distributed via Discord messenger. The malware spread through Discord uses the Discord API to send the stolen information to the attacker. This Discord-based method was introduced previously on the ASEC blog: https://asec.ahnlab.com/en/19343/ The Discord server that distributes the malware sells and distributes illegal pornography. The creator of the malware, who is also the administrator of the server, uploads a compressed file in the server’s ‘Free Porn’…

ASEC Weekly Malware Statistics (June 14th, 2021 – June 20th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 14th, 2021 (Monday) to June 20th, 2021 (Sunday). For the main category, info-stealer ranked top with 79.6%, followed by RAT (Remote Administration Tool) malware with 18.5%, and downloader with 1.9%. Top 1 – AgentTesla: AgentTesla was ranked first place with 22.0%. It is an info-stealer malware that leaks user information saved in web…

Attacker Distributing Malicious Word Document Written as Compensation Claim Form

A malicious Word document file written as a ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. Malware that used the identical document format was also discovered back in March, and the ASEC team published a post analyzing that malware on the ASEC blog. The currently discovered Word document was made recently and contains the same content as the previous attack, but it operates differently. In this post, the team…

CryptBot Info-stealer Malware Being Distributed in Different Forms

CryptBot is an info-stealer malware distributed through malicious sites disguised as download pages for utility programs. When users search for keywords such as the names of certain programs, cracks, and serial numbers, the related distribution sites are exposed at the top of the search results page. Upon connecting to the page and clicking the download button, the user is redirected to the CryptBot malware download page. Numerous malicious sites were created using various keywords. When searching the most popular software keywords, many malicious sites…