Statistics Report on Malware Targeting Windows Database Servers in Q4 2025

Statistics Report on Malware Targeting Windows Database Servers in Q4 2025

AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting MS-SQL and MySQL servers installed on Windows operating systems. This post covers the damage status of MS-SQL and MySQL servers that have become attack targets and statistics on attacks against these

xRAT (QuasarRAT) Malware Being Distributed Through Webhard (Adult Games)

xRAT (QuasarRAT) Malware Being Distributed Through Webhard (Adult Games)

AhnLab SEcurity intelligence Center (ASEC) recently discovered that the xRAT (QuasarRAT) malware is being distributed through a webhard disguised as an adult game. In Korea, webhard services are one of the most commonly used platforms for distributing malware.   Typically, threat actors use malware that are easily accessible, such as

November 2025 APT Attack Trends Report (South Korea)

November 2025 APT Attack Trends Report (South Korea)

Overview   AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using our own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in November 2025. It also provides an overview of the features

UNC5174 Group’s Discord Bot Backdoor Malware

UNC5174 Group’s Discord Bot Backdoor Malware

Recently, AhnLab SEcurity intelligence Center (ASEC) has identified an attack leveraging a backdoor malware that uses the Discord API to establish a Command and Control (C2) infrastructure, linked to the UNC5174 threat group [1]). UNC5174 employs an operational strategy designed to maintain long-term control after initial compromise by sequentially deploying

ViperSoftX Attackers Target Monero

ViperSoftX Attackers Target Monero

AhnLab SEcurity intelligence Center (ASEC) has confirmed that the ViperSoftX attackers are installing coin miners to mine Monero cryptocurrency. ViperSoftX is a remote control malware that steals cryptocurrency wallet addresses. These attackers primarily distribute malware disguised as cracks or keygens for legitimate software, or as eBooks. In addition to ViperSoftX,

NKNShell Malware Distributed via VPN Website

NKNShell Malware Distributed via VPN Website

AhnLab SEcurity intelligence Center (ASEC) has confirmed that malware has been uploaded to the website of a South Korean VPN provider. Based on the distribution method and characteristics of the malware used, this attack appears to be the work of the same threat actor who has been targeting South Korean

October 2025 APT Attack Trends Report (South Korea)

October 2025 APT Attack Trends Report (South Korea)

Overview   AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in October 2025. Figure 1. Statistics of APT attacks in South Korea in October 2025

Distribution of Malware Abusing LogMeIn and PDQ Connect

Distribution of Malware Abusing LogMeIn and PDQ Connect

AhnLab SEcurity intelligence Center (ASEC) recently identified cases of attacks abusing the RMM (Remote Monitoring and Management) tools LogMeIn Resolve (GoTo Resolve) and PDQ Connect. While the initial distribution method is unknown, the attacks involve a legitimate-looking website that disguises the malware as a normal program. When a user downloads

Distribution of Backdoor Malware with Legitimate Signature, Disguised as Steam Cleanup Tool

Distribution of Backdoor Malware with Legitimate Signature, Disguised as Steam Cleanup Tool

Multiple cases have been reported where malware disguised as the “SteamCleaner” tool for cleaning the popular game platform Steam client is being distributed. When a system is infected with this malware, a malicious Node.js script resides on the user’s PC and communicates with the C2 server periodically, allowing threat actors

Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)

Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)

AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Kinsing threat actor is still distributing malware by exploiting known vulnerabilities. Since the disclosure of the CVE-2023-46604 vulnerability in ActiveMQ, the threat actor has been exploiting it to install malware on both Linux and Windows systems. [1] Aside from the well-known XMRig