Magniber Disguised as Normal Windows Installer (MSI) Being Redistributed (February 22nd)
Posted By jcleebobgatenet, March 2, 2022
On the morning of February 22nd, the ASEC analysis team discovered the redistribution of Magniber disguised as normal Windows Installer (MSI) files instead of the previously used Windows app (APPX) packages. The distributed Magniber files have the MSI extension and pose as Windows update files:
Critical.Update.Win10.0-kb4215776.msi
Critical.Update.Win10.0-kb6253668.msi
Critical.Update.Win10.0-kb5946410.msi
MSI package files are an installation framework that is also used for legitimate Windows updates. The malware was distributed by embedding the Magniber ransomware DLL within the MSI package file. By default, MSI…
Change in Distribution Method of Malware Disguised as Estimate (VBS Script)
Posted By jcleebobgatenet, February 28, 2022
Last year, the ASEC analysis team discovered the distribution of Formbook using a certain company's name in its filename. Recently, the team found that it is now being distributed via a VBS file. The email used for distribution still contains details about a request for an estimate, and by using a certain company's name in the attachment, it prompts the user to execute it. The compressed file attached to the email does not contain an executable but a VBS…
CoinMiner Being Distributed to Unsecured MS-SQL Servers
Posted By Sanseo, February 28, 2022
The ASEC analysis team constantly monitors malware distributed to unsecured MS-SQL servers. Previous blog posts covered the distribution of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks involve CoinMiners.
– [ASEC Blog] Remcos RAT Being Distributed to Vulnerable MS-SQL Servers
– [ASEC Blog] Cobalt Strike Being Distributed to Unsecured MS-SQL Servers
– [ASEC Blog] Cobalt Strike Being Distributed to Unsecured MS-SQL Servers (2)
This blog post will explain a specific form of CoinMiner that has been consistently distributed since last…
New Infostealer ‘ColdStealer’ Being Distributed
Posted By jcleebobgatenet, February 25, 2022
The ASEC analysis team has discovered the distribution of ColdStealer, which appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method mentioned multiple times in previous ASEC blog posts. There are two cases for this type of malware distribution:
1. Distributing a single type of malware such as CryptBot or RedLine
2. Dropper-type malware decompressing and executing various internal malware strains
ColdStealer was distributed with the…
ASEC Weekly Malware Statistics (February 14th, 2022 – February 20th, 2022)
Posted By jcleebobgatenet, February 25, 2022
The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from February 14th, 2022 (Monday) to February 20th, 2022 (Sunday). For the main category, info-stealers ranked top with 74.5%, followed by RAT (Remote Administration Tool) malware with 17.4%, banking malware with 3.9%, ransomware with 2.1%, and downloaders with 2.1%.
Top 1 – AgentTesla
AgentTesla ranked first place with 34.8% once again. It is an info-stealer…