December 2025 APT Attack Trend Report (South Korea)
Overview AhnLab monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each
xRAT (QuasarRAT) Malware Being Distributed Through Webhard (Adult Games)
AhnLab SEcurity intelligence Center (ASEC) recently discovered that the xRAT (QuasarRAT) malware is being distributed through a webhard disguised as an adult game. In Korea, webhard services are one of the most commonly used platforms for distributing malware. Typically, threat actors use malware that are easily accessible, such as
November 2025 APT Attack Trends Report (South Korea)
Overview AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using our own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in November 2025. It also provides an overview of the features
October 2025 APT Attack Trends Report (South Korea)
Overview AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in October 2025. Figure 1. Statistics of APT attacks in South Korea in October 2025
XwormRAT Being Distributed Using Steganography
AhnLab SEcurity intelligence Center (ASEC) collects information on malware distributed through phishing emails by using its own “email honeypot system.” Based on this information, ASEC publishes the “Phishing Email Trend Report” and “Infostealer Trend Report” on the ASEC Blog every month. Recently, XwormRAT has been confirmed to be distributed using
AhnLab Detection Information on BPFDoor Exploited in Recent Hacking Attacks and KISA Hash Notice
BPFDoor is a Linux-based backdoor malware. AhnLab previously published their EDR detection information on this malware through the ASEC blog in October 2024. KISA recently shared threat information and warnings on BPFDoor, which has been exploited in hacking attacks. V3 detection information on the hash values shared by KISA in
Statistical Report on Malware Threat in Q4 2024
Overview AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the ones collected during Q4 2024. The malware strains included in the statistics are in the executable format and
Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application
The ASEC analysis team confirmed that a backdoor malware disguised as document editing software and messenger application used by many Korean users is being distributed in Korea through malicious CHM files. The team recently introduced malicious CHM files distributed in various forms twice in the ASEC blog in March. The
