ASEC Weekly Malware Statistics (October 17th, 2022 – October 23rd, 2022) Posted By jcleebobgatenet , October 27, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 17th, 2022 (Monday) to October 23rd (Sunday). For the main category, info-stealer ranked top with 52.7%, followed by downloader with 37.0%, backdoor with 8.8%, ransomware with 1.0%, and banking malware with 0.5%. Top 1 – Agent Tesla AgentTesla is an infostealer that ranked first place with 23.4%. It is an info-stealer that leaks…
Qakbot Malware Being Distributed in Korea Posted By jcleebobgatenet , October 27, 2022 The ASEC analysis team has identified the Qakbot malware that was introduced in the past is being distributed to Korean users. The overall operation process, including the fact that it uses ISO files, is similar to the previous version, but a process to bypass behavior detection was added. The email distributed to Korean users is as shown below. It has hijacked a normal existing email and replied to it with a malicious file in the attachment, and this distribution process…
CoinMiner Being Installed on Vulnerable Apache Tomcat Web Server Posted By Sanseo , October 27, 2022 The ASEC analysis team has recently identified attacks targeting vulnerable Apache Tomcat web server. The Tomcat server that has not been updated to the latest version is one of the major attack vectors that exploit vulnerabilities. In the past, the ASEC blog has also covered attacks targeting Apache Tomcat servers with the vulnerable JBoss version installed. The attackers used JexBoss, a vulnerability exploitation tool, to install a WebShell before gaining control over the target system with the Meterpreter malware. Ordinarily,…
FormBook Malware Being Distributed as .NET Posted By jcleebobgatenet , October 27, 2022 AhnLab’s ani-malware software, V3, detects and responds to malware with a variety of detection features including the App Isolate Scan feature. The App Isolate Scan detects and quarantines suspicious processes. This allows quarantining malware such as Infostealer and downloader in a virtual environment for detection. Therefore, V3 can protect users from security threats by quarantining unknown malware that have not been collected by Ahnlab infrastructure or malware with unidentified static and dynamic behavior patterns in advance. The FormBook malware mentioned…
ASEC Weekly Malware Statistics (October 10th, 2022 – October 16th, 2022) Posted By jcleebobgatenet , October 25, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 10th, 2022 (Monday) to October 16th, 2022 (Sunday). For the main category, downloader ranked top with 44.4%, followed by info-stealer with 41.7%, backdoor with 12.5%, ransomware with 0.9%, and CoinMiner with 0.5%. Top1. SmokeLoader Smokeloader is infostealer / downloader malware that is distributed via exploit kits. This week, it ranked first place…
