ASEC Weekly Malware Statistics (May 17th, 2021 – May 23rd, 2021) Posted By jcleebobgatenet, June 2, 2021 The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from May 17th, 2021 (Monday) to May 23rd, 2021 (Sunday). For the main category, info-stealer ranked top with 75%, followed by RAT (Remote Administration Tool) malware with 19.3%, downloader with 3.6%, and ransomware with 2.1%. Top 1 – AgentTesla AgentTesla ranked first with 27.9%. It is an info-stealer malware that leaks user…
CoinMiner’s Attempt to Bypass AMSI by V3 Memory Scan Posted By jcleebobgatenet, May 28, 2021 The ASEC analysis team confirmed the distribution of a CoinMiner that can disable the AMSI detection feature. Added in Windows 10, AMSI is a Microsoft-supported interface that allows applications and services to integrate with anti-malware software to detect malware. Currently, V3 Lite 4.0 and V3 365 Clinic 4.0 use the AMSI feature to respond to various types of malware, including BlueCrab ransomware. The CoinMiner that can disable AMSI is being distributed in fileless form, utilizing the…
ASEC Weekly Malware Statistics (May 10th, 2021 – May 16th, 2021) Posted By jcleebobgatenet, May 26, 2021 The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post lists weekly statistics collected from May 10th, 2021 (Monday) to May 16th, 2021 (Sunday). For the main category, info-stealer ranked top with 71.2%, followed by RAT (Remote Administration Tool) malware with 19.9%, CoinMiner with 3.7%, ransomware with 2.8%, and downloader with 2.0%. Backdoor and banking malware each accounted for 0.2%. Top 1 – AgentTesla AgentTesla ranked first…
HawkEye Keylogger Being Distributed via Spam Mails Posted By jcleebobgatenet, May 25, 2021 HawkEye keylogger is an info-stealing malware that is mainly distributed via spam mail. Although AgentTesla, Formbook, and Lokibot are currently the most widely distributed info-stealing malware, HawkEye matched them in terms of mass distribution until recently. Despite the recent plummet in distribution, HawkEye has maintained a certain level of activity throughout this year. It is assumed that HawkEye mostly uses spam mail with attached files as its distribution method, and the following figures are…
Vidar Info-Stealer Abusing Game Platform Posted By jcleebobgatenet, May 24, 2021 The ASEC analysis team has recently found that the Vidar info-stealer malware is abusing a game matchmaking program named Faceit to create its C&C server URL. Vidar is malware that has long been steadily distributed disguised as spam mail, PUPs, and the KMSAuto authentication tool. Before it performs info-stealing activities, it connects to its C&C server to receive commands and download additional DLL files used to collect user information. In the past, the malware simply connected to the C&C server and received…