PyBitmessage Backdoor Malware Installed with CoinMiner

The AhnLab SEcurity intelligence Center (ASEC) has recently detected a new type of backdoor malware being distributed alongside the Monero coin miner. This blog post covers malware that utilizes the PyBitmessage library to perform communications on a P2P (Peer to Peer) network and encrypt the communication content between endpoints, instead

Statistical Report on Malware Targeting MS-SQL Servers in 1Q 2025

Overview: The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in 1Q 2025,

AhnLab EDR Detects CoinMiner Propagated via USB in South Korea

1. Overview: CoinMiners typically use the CPU and GPU resources of users’ computers covertly to mine cryptocurrencies, which slows down the affected computers. CoinMiners are usually distributed through phishing emails, malicious websites, system vulnerabilities, and other means. For analysis of this malware, please refer to the AhnLab

Statistical Report on Malware Targeting MS-SQL Servers in Q4 2024

Overview: The AhnLab SEcurity intelligence Center (ASEC) analysis team uses the AhnLab Smart Defense (ASD) infrastructure to categorize and respond to attacks on vulnerable MS-SQL servers. This report will cover the current state of damage to MS-SQL servers that became attack targets based on the logs discovered in Q4 2024,

Analysis Report on Larva-24011 Threat Actor’s Latest Attack Trend

1. Overview: The Larva-24011 threat actor is targeting vulnerable systems to install CoinMiner and proxyware for financial gain. AhnLab Security Intelligence Center (ASEC) has recently observed that besides installing CoinMiner and proxyware, the threat actor is carrying out more attacks that involve controlling infected systems and exfiltrating information such as

Analysis of an Attack Against HiveOS for Mining Ravencoin

AhnLab Security intelligence Center (ASEC) is using multiple honeypots to monitor attacks targeting improperly managed Linux servers. Among the prominent honeypots is the SSH service using vulnerable credentials, which is targeted by many DDoS and CoinMiner attackers. While monitoring numerous external attacks, ASEC recently identified an attack targeting HiveOS. The

Supershell Malware Being Distributed to Linux SSH Servers

AhnLab SEcurity intelligence Center (ASEC) has recently discovered an attack case installing the Supershell backdoor on inadequately managed Linux SSH servers. Created by a Chinese-speaking developer, Supershell is developed in the Go language and supports various platforms including Windows, Linux, and Android. Its primary function is a reverse shell, which

Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)

HTTP File Server (HFS) is a program that provides a simple type of web service. Because it can provide web services with just an executable file without having to build a web server, it is often used for sharing files, allowing users to connect to the address through web browsers

Analysis of CoinMiner Attacks Targeting Korean Web Servers

Since web servers are externally exposed to provide web services to all available users, they have long been major targets for threat actors. AhnLab SEcurity Intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed, and is sharing the

Analysis Report on Malware – Disguised as Cracked Programs Targeting Korean Users

Overview: AhnLab SEcurity intelligence Center (ASEC) has discussed cases of Remote Access Trojan (RAT) and bitcoin miner attacks targeting Korean users in our ASEC blog post, “Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack[1].” Until recently, the attacker has been creating and distributing malware, and more