Analysis Report on Malware – Disguised as Cracked Programs Targeting Korean Users

Overview: AhnLab SEcurity intelligence Center (ASEC) has discussed cases of Remote Access Trojan (RAT) and bitcoin miner attacks targeting Korean users in our ASEC blog post, “Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack” [1]. Until recently, the attacker has been creating and distributing malware, and more

Statistics Report on Malware Threat in Q1 2024

Overview: AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the samples collected during Q1 2024. The malware included in the statistics is in executable format. These were reported

XMRig CoinMiner Installed via Game Hacks

AhnLab SEcurity intelligence Center (ASEC) recently found that XMRig CoinMiner is being distributed through game hacks. The process is similar to previously covered cases where file-sharing platforms were used to distribute XMRig CoinMiner [1] [2]. 1. Distribution Channel: The CoinMiner’s distribution channel was found to be a website that distributes game

Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks

AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the

Statistics Report on Malware Threat in Q4 2023

Overview: AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the samples collected during Q4 2023. The malware included in the statistics is in executable format. These were reported

Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike

AhnLab Security Emergency response Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed. Because web servers are externally exposed for the purpose of providing web services to all available users, these become major attack targets for threat actors. Major examples of

Attack Cases of CoinMiners Mining Ethereum Classic Coins

The ASEC analysis team is monitoring CoinMiners that are targeting Korean and overseas users. We have covered various types of CoinMiner attacks across multiple blog posts in the past. This post introduces the recently discovered malware that mines Ethereum Classic coins. 0. Overview: CoinMiners are installed

Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack

The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person who distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites [1]. The malware

Cases of Attacks Targeting Vulnerable Atlassian Confluence Servers

The ASEC analysis team has been monitoring attacks that are targeting vulnerable systems. This post will discuss cases of attacks targeting vulnerable Atlassian Confluence Servers that are not patched. Atlassian’s Confluence is a major collaboration platform used by many companies across the globe. Being a web-based platform, services such as

CoinMiner Being Distributed to Unsecured MS-SQL Servers

The ASEC analysis team is constantly monitoring malware distributed to unsecured MS-SQL servers. The previous blogs explained the distribution cases of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks are CoinMiners. – [ASEC Blog] Remcos RAT Being Distributed to Vulnerable MS-SQL Servers – [ASEC Blog] Cobalt Strike Being Distributed