ASEC Weekly Malware Statistics (June 14th, 2021 – June 20th, 2021)
Posted By jcleebobgatenet, July 1, 2021
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 14th, 2021 (Monday) to June 20th, 2021 (Sunday). For the main category, info-stealer ranked top with 79.6%, followed by RAT (Remote Administration Tool) malware with 18.5%, and downloader with 1.9%. Top 1 – AgentTesla AgentTesla was ranked first place with 22.0%. It is an info-stealer malware that leaks user information saved in web…

Attacker Distributing Malicious Word Document Written as Compensation Claim Form
Posted By jcleebobgatenet, June 29, 2021
A malicious Word document file written as a ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. The exact malware that used the identical document format was also discovered back in March, and the ASEC team published a post that analyzes the malware in the ASEC blog. The currently discovered Word document was made recently and it contains the same content as the previous attack, but it operates differently. In this post, the team…

CryptBot Info-stealer Malware Being Distributed in Different Forms
Posted By jcleebobgatenet, June 28, 2021
CryptBot is an info-stealer malware distributed through malicious sites disguised as utility program downloading pages. When searching keywords such as names of certain programs, cracks, and serial numbers, the related distribution sites are exposed at the top of the search results page. Upon connecting to the page and clicking the download button, the user is redirected to the CryptBot malware downloading page. Numerous malicious sites were created using various keywords. When searching the most popular software keywords, many malicious sites…

njRAT Being Distributed through Webhards and Torrents
Posted By jcleebobgatenet, June 24, 2021
njRAT is a RAT malware that can perform various malicious activities after receiving commands from the attacker. Because it provides various features such as file downloading, command execution, keylogging, and user account information extortion, it has been steadily used by attackers for a long time. Also, since one can easily find builders on the Internet, the malware is distributed in various forms to target domestic users. The most typical method is using torrents and webhards to distribute it under a disguise…

Phishing Site Targeting Domestic E-mail Service Users (Part 2)
Posted By jcleebobgatenet, June 22, 2021
The ASEC analysis team has been sharing information about various phishing e-mails in the ASEC blog. This time, the team aims to inform users about another discovered phishing site that targets domestic e-mail service users to distribute malware. The recently confirmed phishing site targets Naver Mail (mail.naver), Daum Mail (mail2.daum), and hiworks users to collect their information such as IDs, passwords, and user IPs. It then sends the information to the attacker’s e-mail. The top-level domain hxxp://za***if***i**pl*ce[.]com/ takes the form…