[Caution] Makop Ransomware Disguised as Job Application E-mail Being Distributed!
Posted By jcleebobgatenet, April 30, 2021
The ASEC analysis team has recently discovered ransomware disguised as a job application being distributed via e-mail. It appears that the attacker is targeting recruitment managers of various companies amidst the recruitment season of the first half of the year. Hence, recruiters must pay particular attention when managing their e-mail accounts. The distributed e-mails had titles containing names that can be perceived as the applicant's name, and compressed attachments. The names of the distributed files are as follows:
● ResumeandPortfolio_210412 (If you…

Detection of Vulnerability (CVE-2021-26411) via V3 Memory Scan (Magniber)
Posted By jcleebobgatenet, April 28, 2021
Starting from March 2021, Magniber ransomware, which operates in a fileless form, has used a script that exploits the CVE-2021-26411 vulnerability instead of the CVE-2020-0968 vulnerability. There are still numerous damage reports involving Magniber ransomware in Korea, and as the malware is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial for users of IE to apply the security patch. Detecting and blocking the latest Magniber is possible with V3's 'Process Memory Scan' feature. Magniber ransomware infects via IE browser…

Snake Keylogger Being Distributed via Spam E-mails
Posted By jcleebobgatenet, April 21, 2021
Recently, there has been an exponential increase in the distribution of Snake Keylogger via spam e-mails. Snake Keylogger is an info-leaking malware developed with .NET, and as seen from the weekly statistics below, it has consecutively ranked in the Top 5 malware recently. As an info-stealing malware that is mostly distributed via spam e-mails, it is similar to AgentTesla malware. Like AgentTesla, Snake Keylogger also supports an info-leaking feature through…

Distribution of Hangul Word Processor (HWP) File with Title of North Korea-related Question
Posted By jcleebobgatenet, April 19, 2021
Previously, the ASEC analysis team discovered a surge in the distribution of malicious Word files containing North Korea-related materials and shared detailed information about this trend. Today, the ASEC analysis team has discovered the distribution of malware disguised as HWP files that contain North Korea-related questions. Judging by the information within the HWP file, the malware developer must have modified the document with North Korea-related questions that were used on December 15, 2020, during the debate on North Korea. This malicious HWP…

Analysis of Dridex Malware Distribution Method Armed with Bypass Detection
Posted By jcleebobgatenet, April 12, 2021
Dridex, also known as Cridex and Bugat, is a typical info-stealing malware that steals financial information. It is distributed on a massive scale by cybercrime organizations, mainly through macros within Microsoft Office Word or Excel document files that are included in spam mails. The most noticeable characteristic of Dridex malware is that it operates by modularizing files depending on features such as downloader, loader, and botnet. As such, there have been cases of ransomware such as DoppelPaymer or…