Makop Ransomware Distributed As Copyright Violation Related Materials Posted By jcleebobgatenet , May 13, 2021 The ASEC analysis team has recently shared information about the distribution of Makop ransomware disguised as job applications. This week, the team confirmed that the ransomware is being distributed via e-mails that contain materials related to copyright violation. Unlike the last time, the compressed file is attached with the .dat extension instead of .zip and to avoid the e-mail attachment scan, the date the mail was distributed was used as a password. Inside the attached file, there is a file…
ASEC Weekly Malware Statistics (April 26th, 2021 – May 2nd, 2021) Posted By jcleebobgatenet , May 11, 2021 The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 26th, 2021 Monday to May 2nd, 2021 Sunday. For the main category, info-stealer ranked top with 75.9%, followed by RAT (Remote Administration Tool) malware with 19.3%, downloader with 1.3%, and CoinMiner with 2.6%. Ransomware and banking malware accounted for 0.4%. Top 1 – AgentTesla AgentTesla was ranked first place with 32.9%. It…
Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward Posted By jcleebobgatenet , May 7, 2021 ASEC analysis team has confirmed the distribution of malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Upon downloading the PDF file attached to the e-mail, the user can see the content of the PDF file which states that Bitcoin can be received for free if the user accesses the short URL written…
Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate Posted By jcleebobgatenet , May 4, 2021 ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog reveals the fact that Lokibot consistently remained high on the weekly statistics list. The recently-discovered Lokibot malware is being distributed as an attachment file within the phishing mail, and its notable characteristic is the CAB/LZH archive file format. The e-mail is…
Distribution of RTF Vulnerability Malware that Takes Advantage of Microsoft Office Word’s External Connection Posted By jcleebobgatenet , May 3, 2021 Distribution of RTF vulnerability (CVE-2017-11882) malware that uses external connection of MS Office Word document has been found. Employees must be on the lookout as the attacker is using spam e-mails to distribute malware to domestic shopping malls and other businesses. Recently, the distribution of MS Office Word malware using external connection has been increasing exponentially. As the attacker uses normal XML Relationship of OOXML (Office Open XML) format and uses malicious URL for only the target address, it is…
