Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking) Posted By KDH , November 1, 2023 Caution is advised as an Infostealer that prompts the execution of legitimate EXE files is actively being distributed. The threat actor is distributing a legitimate EXE file with a valid signature and a malicious DLL compressed in the same directory. The EXE file itself is legitimate, but when executed in the same directory as the malicious DLL, it automatically runs that malicious DLL. This technique is called DLL hijacking and is often used in the distribution of malware. The distribution…
Nitol DDoS Malware Installing Amadey Bot Posted By Sanseo , December 22, 2022 The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides extorting user credentials, it can also be used for the purpose of installing additional malware. Amadey is being actively distributed again this year, and even until very recently, it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on…
A Dropper-Type Malware Bomb Being Distributed Again in the Disguise of Cracks Posted By jcleebobgatenet , November 14, 2022 The dropper malware which camouflaged itself as a crack is being actively distributed again after a period of dormancy. When this malware is executed, the affected system becomes infected with numerous malware programs simultaneously. This is effectively a malware “bomb.” Malware disguised as cracks for commercial software have been prevalent, which were either distributed in a “singular malware” format or “dropper malware” format. The ASEC analysis team is closely monitoring such malware distribution activities and has covered them multiple times…
Amadey Bot Being Distributed Through SmokeLoader Posted By Sanseo , July 21, 2022 Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey was used on attacks in the ASEC blog posted in 2019 (English version unavailable). Amadey was mainly used to install ransomware by attackers of GandCrab or to install FlawedAmmyy by…
