ASEC Weekly Malware Statistics (May 30th, 2022 – June 5th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 30th, 2022 (Monday) to June 5th, 2022 (Sunday). For the main category, info-stealer ranked top with 89.9%, followed by RAT (Remote Administration Tool) malware with 8.5%, and ransomware, downloader, and banking malware with 0.5% each. Top 1 – Formbook: Formbook ranked first place with 33.7%. Like other info-stealers, it is mainly distributed through…

CHM Malware Types with Anti-Sandbox Technique and Targeting Companies

Among the CHM strains recently being distributed in Korea, the ASEC analysis team has discovered types that apply an anti-sandbox technique and types that target companies. Both types were introduced in the ASEC blog in March and May. The type with the anti-sandbox technique checks the user PC environment before dropping a malicious VBE file. The HTML code included in the CHM file is shown below. The code creates and runs a normal program (EXE) and a malicious DLL file. The malicious DLL created…

Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)

A new vulnerability named Follina (CVE-2022-30190) has been revealed. According to Microsoft, it is a remote code execution vulnerability that occurs when the URL protocol is used to call MSDT from calling applications such as Microsoft Word. With the privileges of the calling application, attackers can run arbitrary code, install additional programs, and view, change or delete data. 1. Vulnerability Malware Example: The vulnerability occurs when a Word file downloads and runs an HTML file responsible for the vulnerability through the…

AppleSeed Disguised as Wi-Fi Router Firmware Installer Being Distributed

On May 26th, the ASEC analysis team discovered the distribution of AppleSeed disguised as a Wi-Fi router firmware installer. Previously discovered AppleSeed strains were mainly distributed by disguising themselves as normal document or image files. The dropper malware that creates AppleSeed either used script formats such as JS (JavaScript) and VBS (Visual Basic Script), or had a pif extension to disguise itself as a document file that works as an .exe file. For this case, it used the icon and…

ASEC Weekly Malware Statistics (May 23rd, 2022 – May 29th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 23rd, 2022 (Monday) to May 29th, 2022 (Sunday). For the main category, info-stealer ranked top with 76.9%, followed by RAT (Remote Administration Tool) malware with 16.6%, downloader with 5.2%, and ransomware with 1.3%. Top 1 – AgentTesla: AgentTesla is an infostealer that has taken first place once again with 32.3%. It is an…