Distribution of PebbleDash Malware in March 2025

PebbleDash is a backdoor that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified in 2020 as malware of Lazarus (Hidden Cobra). At the time, it was known as the malware of the Lazarus group, but recently, there have been more cases

Analysis Report on the Latest Attack Cases by Kimsuky Group Exploiting PebbleDash and RDP Wrapper

Analysis Overview AhnLab SEcurity intelligence Center (ASEC) recently identified that the Kimsuky group is using the backdoor PebbleDash and RDP Wrapper in multiple attacks. The threat actor uses LNK during initial access to install PowerShell malware on the infected system. Once this process is complete, they install custom-made remote control

Analysis Report on APT Attack Cases Using noMu Backdoor

AhnLab SEcurity intelligence Center (ASEC) has recently identified attack cases where an unknown threat actor installed various remote control malware targeting Korean users and systems. The threat actor used a range of reverse shells, backdoors, and VNC malware strains, and also utilized RDP for remote screen control. Among the malware

Distribution of AsyncRAT Disguised as Ebook

1. Overview AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). [1] [2] In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there

AsyncRAT Being Distributed as Windows Help File (*.chm)

The distribution method of malware has been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. APT Attack Being

AsyncRAT Being Distributed in Fileless Form

The ASEC analysis team has recently discovered that malicious AsyncRAT code is being distributed in fileless form. The distributed AsyncRAT is executed in fileless form through multiple script files and is thought to be distributed as a compressed file attachment in emails. AsyncRAT is an open-source RAT malware developed with

RAT Tool Disguised as Solution File (*.sln) Being Distributed on GitHub

The ASEC analysis team has recently discovered the distribution of a RAT Tool disguised as a solution file (*.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing source code on GitHub titled “Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022”. The file composition

AsyncRAT Being Distributed to Unsecured MySQL Servers

The Shadowserver Foundation has recently released a report showing that there are about 3.6 million MySQL servers exposed to the outside. Along with MS-SQL server, MySQL server is one of the main database servers that provides the feature of managing large amounts of data in a corporate or user environment. MS-SQL

Malware Distributed via Discord along with Illegal Pornography

The ASEC analysis team recently discovered batches of RAT (Remote Administration Tool) malware that are being distributed via Discord messenger. Currently, a downloader malware that downloads these batches of malware is being distributed under the name ‘porn URL.exe’ and when this malware is run, it downloads various RAT malware externally