ASEC

How Is My Phone Number Leaked?

The PERSONAL INFORMATION PROTECTION ACT is a law to protect the freedom and rights of individuals, and it aims to actualize the individual dignity and value of people. According to the act, personal information is defined as pieces of information that can easily identify an individual when coupled with other pieces of information, and phone numbers are seen as one of the main types of personal information. This post explains the PUP (Potentially Unwanted Program) that collects phone numbers. Figure…

Auto-Publishing and Auto-Reporting Programs for Blog Posts

Spam programs are illegal programs according to the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION. The ASEC analysis team previously published a blog post about a spam program sold as a marketing program. Today, we will introduce a program similar to the spam program covered in the past. The file collected under the filename of ‘Naver Blog Report Program.exe’ was developed with C#, just like the spam program covered in the previous blog post. Its…

Phishing Email Disguised as Korean Web Portal Page (Daum)

On July 21st, the ASEC analysis team discovered the distribution of a phishing email disguised as Daum, one of Korea’s portal websites. The email was made to resemble an estimate request by including RFQ in the title. It uses its attachment to lead the user to a phishing webpage. The attachment is an HTML file, and opening the file automatically redirects the user to the following URL: hxxps://euoi8708twufevry4yuwfywe8y487r.herokuapp[.]com/sreverse.php. After redirection, the phishing webpage (see Figure 3 on the left) disguised as…

AppleSeed Being Distributed to Maintenance Company of Military Bases

The ASEC analysis team has recently discovered a case of AppleSeed being distributed to a certain maintenance company of military bases. AppleSeed is a backdoor malware mainly used by the Kimsuky group and is actively being distributed to multiple attack targets as of late. In this case, the malware was distributed with a file under the name of a military base (20220713_**** base_installation planned dateV004_*** edited_6.xls). AppleSeed was distributed as an Excel file (XLS) and protected with a password to…

NSIS Installer Malware Included with Various Malicious Files

The ASEC analysis team recently discovered attackers distributing multiple malicious files with NSIS installers. NSIS (Nullsoft Scriptable Install System) is normally used to create installers for certain programs. It can also be used for creating malware strains, as it is script-based and thus produces NSIS installers of nearly identical form. NSIS installer-type malware strains have been used a lot by attackers. The type introduced in this post includes multiple malicious files in a single installer: running one file will infect…