Bumblebee Being Distributed in Korea Through Email Hijacking
The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader type malware. It is distributed using phishing emails in ISO file, and this file contains a shortcut and malicious DLL file. There were also cases of malware being distributed to Korean users through email hijacking. The
XLL Malware Distributed Through Email
Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered being distributed last year. XLL files are Microsoft Excel
Method that Tricks Users to Perceive Attachment of PDF File as Safe File
The ASEC analysis team has discovered the distribution of info-stealer malware using Attachment feature of PDF files. This attack method was discovered previously, but as the malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used
Increased Phishing Attacks Disguised as Microsoft
The ASEC analysis team has recently discovered phishing emails disguised as Microsoft login pages. As shown in the figure below, one of the collected samples is disguised as the company’s voice message to prompt users to click the attached playback file. Clicking the file redirects users to a phishing webpage
Phishing Email Disguised as a Well-Known Korean Web Portal
The ASEC analysis team has recently discovered a phishing email that impersonates a well-known Korean web portal to collect user credentials. The phishing email demands the users to upgrade the mailbox storage, prompting them to click the link. Upon clicking the link, the user is redirected to the phishing page
Distribution of Phishing Emails Targeting Korean Research Institutes and Companies
The ASEC analysis team has discovered the distribution of phishing emails targeting Korean research institutes and companies to steal passwords. The phishing email impersonated an international transport company, requesting the user to submit custom information, and open the attachment file to prompt the user to click the URL. Upon clicking
Emails Disguised as ‘Emirates Post’ Being Distributed During the Overseas Direct Purchase Season
The ASEC analysis team has introduced numerous phishing websites disguised as various companies. The team has recently discovered a malicious email disguised as Emirates Post, a transport company, during the overseas direct purchase season. As shown in the figure below, the malicious email states that there is a problem with
Phishing PDF Files with CAPTCHA Screen Being Mass-distributed
Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by
Phishing Attacks Disguised as Microsoft, Targeting Corporate Users
The ASEC analysis team has recently discovered phishing attacks disguised as Microsoft are being sent to corporate users. As shown in the figure below, the sender of the phishing e-mail is disguised as Microsoft, and the e-mail is distributed with the subject of “Password Expiring Notice”. The body of the
Daum Phishing E-mails Disguised as ‘Purchase Order’ being Distributed
One of the most frequently used methods for the distribution of malware is using phishing e-mails. The ASEC analysis team has introduced specific phishing attacks as well as the types of phishing e-mails in previous blog posts. Trend of Phishing Spreading Through Spam Mails Similar to the previous cases, the
