[Caution] Virus/XLS Xanpei Infecting Normal Excel Files Posted By Hansoyoung, April 13, 2022 The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when an Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a downloader and performing DNS spoofing, so users need to take great caution. The common trait of the malware strains is that they spread the virus through the VBA (Visual Basic for Applications) code included in Excel files. Upon opening the infected Excel…
SystemBC Being Used by Various Attackers Posted By Sanseo, April 12, 2022 SystemBC is a proxy malware that has been used by various attackers for the last few years. While it has recently been distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious intent, a system infected with SystemBC, which acts as a Proxy Bot, can be used as a passage. Because it can also act as a downloader to…
ASEC Weekly Malware Statistics (March 28th, 2022 – April 3rd, 2022) Posted By Hansoyoung, April 7, 2022 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 28th, 2022 (Monday) to April 3rd, 2022 (Sunday). For the main category, info-stealer ranked top with 69.6%, followed by RAT (Remote Administration Tool) malware with 21.0%, ransomware with 5.1%, downloader with 3.6%, and CoinMiner with 0.7%. Top 1 – AgentTesla AgentTesla ranked first place with 28.3%. It is an info-stealer that leaks user…
Malicious Help File Disguised as COVID-19 Infectee Notice Being Distributed in Korea Posted By jcleebobgatenet, April 5, 2022 The ASEC analysis team introduced readers to malware that takes the form of a Windows help file (*.chm) about two weeks ago. The malicious CHM file that was recently discovered is disguised as a notice for people infected with COVID-19 and is being distributed to Korean users. The attacker is probably distributing the file in such a form because Korea has recently seen a surge in COVID-19 case numbers. The name of the file that is being distributed is shown…
Malicious Word Documents Using MS Media Player (Impersonating AhnLab) Posted By jcleebobgatenet, April 5, 2022 Last week, the ASEC analysis team uploaded a post named “Malicious Word File Targeting Corporate Users Being Distributed” that contained information about a malicious Word file. Currently, documents of the same type are being distributed with text that impersonates AhnLab. The Word files confirmed this time download another Word file containing a malicious VBA macro via an external URL and run it. Another difference is that the additionally downloaded Word file uses the Windows Media Player() function instead of AutoOpen() to…