Malware Disguised as Installer from Korean Public Institution (Kimsuky Group) Posted By Sanseo , March 26, 2024 AhnLab SEcurity intelligence Center (ASEC) recently discovered the Kimsuky group distributing malware disguised as an installer from a Korean public institution. The malware in question is a dropper that creates the Endoor backdoor, which was also used in the attack covered in the previous post, “TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)”. [1] While there are no records of the dropper being used in actual attacks, there was an attack case that involved the backdoor created…
Caution! Malware Signed With Microsoft Certificate Posted By jcleebobgatenet , December 26, 2022 Microsoft announced details on the distribution of malware signed with a Microsoft certificate.[1] According to the announcement, a driver authenticated with the Windows Hardware Developer Program had been abused due to the leakage of multiple Windows developer accounts. To prevent damage, Microsoft blocked the related accounts and applied a security update (Microsoft Defender 1.377.987.0 or later). To prevent security risks, Windows only allows the loading of kernel mode drivers that are signed. If a driver is not signed, it cannot…
