ASEC Weekly Malware Statistics (June 6th, 2022 – June 12th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 6th, 2022 (Monday) to June 12th, 2022 (Sunday). For the main category, banking malware ranked top with 44.1%, followed by infostealer with 39.3%, backdoor with 9.9%, downloader with 2.9%, and coinminer with 1.9%. Top 1 – Emotet: Emotet ranked first place with 41.5%. Emotet is a banking malware that is being continuously…

Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting)

The ASEC analysis team has recently discovered the active distribution of APT files that exploit a feature of HWP files (OLE object insertion). Since the case introduced in the post “Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed” on March 8th, the attacker has been continuously distributing malicious HWP files targeting people in the fields of national defense, North Korea-related materials, and broadcasting. When the file is opened, the OLE object…

Follina Vulnerability (CVE-2022-30190) Attack Using ‘Antimicrobial Film Request’ File

On June 7th, the ASEC analysis team swiftly uploaded a brief introduction to a zero-day vulnerability for Microsoft Office files (Follina). As the patch for the vulnerability has not been distributed yet, users are advised to take caution. See: "Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)". AhnLab has distributed a detection rule for attack attempts exploiting the vulnerability, covering both file and behavior detection. The vulnerability can be detected by various AhnLab products (V3, MDS, and EDR). While the team…

ASEC Weekly Malware Statistics (May 30th, 2022 – June 5th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 30th, 2022 (Monday) to June 5th, 2022 (Sunday). For the main category, info-stealer ranked top with 89.9%, followed by RAT (Remote Administration Tool) malware with 8.5%, and ransomware, downloader, and banking malware with 0.5% each. Top 1 – Formbook: Formbook ranked first place with 33.7%. Like other info-stealers, it is mainly distributed through…

CHM Malware Types with Anti-Sandbox Technique and Targeting Companies

Among the CHM strains recently being distributed in Korea, the ASEC analysis team has discovered types that apply an anti-sandbox technique and types that target companies. Both types were introduced in the ASEC blog in March and May. The type with the anti-sandbox technique checks the user PC environment before dropping a malicious VBE file. The HTML code included in the CHM file is shown below. The code creates and runs a normal program (EXE) and a malicious DLL file. The malicious DLL created…