Malicious Help File Disguised as Missing Coins Report and Wage Statement (*.chm)

The ASEC analysis team has discovered the continuous distribution of malware disguised as a Windows Help File (*.chm). The most recent CHM file is identical to the one introduced in <APT Attack Being Distributed as Windows Help File (*.chm)>, and it downloads additional malware. CHM files of this type appear to be distributed inside compressed archives. The confirmed filenames of the compressed files and the CHM files inside them are as follows: Names of Compressed Files…

ASEC Weekly Malware Statistics (May 2nd, 2022 – May 8th, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from May 2nd, 2022 (Monday) to May 8th, 2022 (Sunday). For the main category, info-stealer ranked top with 73.1%, followed by RAT (Remote Administration Tool) malware with 19.3%, ransomware with 5.0%, and downloader with 2.5%. Top 1 – AgentTesla: AgentTesla is an infostealer that has taken first place once again with 49.6%. It is an…

ASEC Weekly Malware Statistics (April 25th, 2022 – May 1st, 2022)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from April 25th, 2022 (Monday) to May 1st, 2022 (Sunday). For the main category, info-stealer ranked top with 70.3%, followed by RAT (Remote Administration Tool) malware with 18.8%, ransomware with 7.9%, downloader with 2.5%, and coinminer with 0.5%. Top 1 – AgentTesla: AgentTesla is an infostealer that ranked first with 38.6%. It is an…

Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application

The ASEC analysis team confirmed that backdoor malware disguised as document editing software and a messenger application used by many Korean users is being distributed in Korea through malicious CHM files. The team covered malicious CHM files distributed in various forms in two ASEC blog posts in March. The malicious files discussed in this post execute additional malicious files through a process that differs from the previous cases. The names of some CHM files currently being distributed…

Distribution of Malicious Word File Related to North Korea’s April 25th Military Parade

On April 29th, the ASEC analysis team discovered the distribution of a malicious Word file related to North Korea’s military parade. The distributor uploaded the file to a Korean web server that is assumed to have been breached. Besides the malicious Word file, the server also hosted 2 normal HWP files, likely intended for distributing malicious HWP files via the OLE object or EPS vulnerability method. – [Analysis] North Korea’s Position on Use of Nuclear Weapons and Implications of Changes…