Cryptocurrency Mining Malware Goes After Users Looking for Pirated Software

Recently, AhnLab warned users of cryptocurrency mining malware that is being distributed in the wild. Cryptocurrency mining malware, also known as CoinMiner malware, is going after users who are actively searching for pirated software. As the medium for spreading the malware, the attacker created a phishing site that is indexed by Google and other search engines. When the user enters a certain keyword, such as ‘HWP document program crack for Mac’ or ‘crack Autocad 2006 64 Bit Keygen,’ to look…

Distribution of Avaddon Ransomware using RigEK in Korea (extension: *.avdn)

In early June, a new ransomware dubbed Avaddon was introduced in two articles (see links below). Since June 8, the amount of malware distributed through RigEK (Rig Exploit Kit) has increased sharply in Korea, and Avaddon ransomware is among the payloads being distributed. (June 7) sensorstechforum.com/avaddon-virus-remove/ (June 8) www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/ The following figure shows the number of V3 behavior-detection logs for RigEK. 1153 is the number of the behavior-detection rule, and the figure shows that the number of detections started skyrocketing from June 8. Users…

Snake Ransomware Designed to Operate Only in Specific Business Environments

Snake ransomware, which targets specific companies, is currently being distributed. Although no cases have been found in Korea as of yet, Korean companies must be on guard, as it is targeting companies across nations such as Germany, Italy and Japan. Snake is ransomware developed in the Go language. The amount of malware developed in Go has been on a continual rise, and recently distributed samples use obfuscation methods to disrupt analysis. Like the others, the function names of Snake ransomware have…

Watch Out… Malware Disguised as Software Activation Tools are on the Loose!

AhnLab has recently identified malware being distributed in the wild disguised as a software activation tool. The malicious campaign targets users trying to get access to pirated software. The attacker distributed malicious executable files disguised as software activation tools; examples of such tools include KMSAuto and KMSPico, which are commonly downloaded from illegal software download sites and P2P file-sharing sites. When the user executes the malicious executable file, a fake password prompt appears. When the user enters the password…

Distribution of Hangul Word Processor File (HWP) during Academic Conference Season in Korea

In May, the ASEC analysis team shared details of Hangul Word Processor file (HWP) malware being distributed across various fields (see blog post below). In the past, it was distributed with titles related to ‘real estate’; today, however, the malware is crafted with titles related to theses and other academic items, timed to the scheduled academic conferences in Korea. So far, AhnLab has discovered 2 filenames being used by malicious HWP files, and among the topics discussed in the blog…