Malware Being Distributed by Disguising Itself as Icon of V3 Lite

The ASEC analysis team has discovered the distribution of malware disguised as a V3 Lite icon and packed with the .NET packer. The attacker likely created an icon that is almost identical to that of V3 Lite to trick the user, and AveMaria RAT and AgentTesla were discovered during the last month using this method. As shown in Figure 1, the icon looks almost identical to the actual V3 Lite icon. AveMaria is a RAT (Remote Administration Tool) malware with…

Amadey Bot Being Distributed Through SmokeLoader

Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used on attacks in the ASEC blog posted in 2019 (English version unavailable). Amadey was mainly used to install ransomware by attackers of GandCrab or to install FlawedAmmyy by…

Change in Injection Method of Magniber Ransomware

The ASEC analysis team is constantly monitoring Magniber, which has a higher number of distribution cases. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware is distributed as a Windows installer package file (.msi) on Edge and Chrome browsers. Magniber, which is being distributed as Windows installation package file (.msi), has hundreds of distribution logs reported every day (see…

GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email

GuLoader has ranked again in Top 5 malware keywords of ASEC Weekly Malware Statistics for the first time in two years. It is a downloader malware that can download additional malware, and got its name as Google Drive is frequently used as its download URL. The ASEC analysis team has discovered that this type of malware took the most portion among Downloader malware types that were distributed during the 2nd quarter of this year (see figure below). Recently discovered case…

Meterpreter Distributed to Vulnerable Server of Korean Medical Institution

While monitoring malware strains distributed to vulnerable servers, the ASEC analysis team discovered an attack case for PACS (Picture Archiving and Communication System) server used by Korean medical institutions. PACS is a system for digitally managing and transferring medical images of patients, which is used to check and interpret the images without being restrained by time and space. This system is thus used by many hospitals. As there are multiple PACS vendors, each medical institution may use different PACS systems….