PYbot DDoS Malware Being Distributed Disguised as a Discord Nitro Code Generator Posted By Sanseo , February 15, 2023 A major method through which threat actors distribute malware is by uploading them to sites disguised as cracks or illegal software. After a threat actor uploads their malware disguised as a crack or serial keygen for some paid software, users become infected by the malware while installing this illegal software. The ASEC analysis team is monitoring malware that is being distributed through illegal software like software cracks or serial keygens. Many of the malware distributed in this way are Infostealers…
Shc Linux Malware Installing CoinMiner Posted By Sanseo , January 4, 2023 The ASEC analysis team recently discovered that a Linux malware developed with Shc has been installing a CoinMiner. It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. Among those installed were the Shc downloader, XMRig CoinMiner installed through the former, and DDoS IRC Bot, developed with Perl. 1. Shc (Shell Script Compiler) Shc is an abbreviation for Shell Script Compiler and is responsible for…
Nitol DDoS Malware Installing Amadey Bot Posted By Sanseo , December 22, 2022 The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018, and besides extorting user credentials, it can also be used for the purpose of installing additional malware. Amadey is being actively distributed again this year, and even until very recently, it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on…
HackHound IRC Bot Being Distributed via Webhards Posted By Sanseo , November 11, 2022 Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past. Generally, attackers distribute malware through illegal programs such as adult games and crack versions of games. Those who use webhards as a distribution path typically install RAT type malware such as njRAT, UdpRAT, and DDoS IRC Bot. As shown in the cases covered…
njRAT Being Distributed via Webhards Posted By Sanseo , March 8, 2022 Webhards is a platform used to distribute malware, and it is mainly used by attackers that mainly target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Various types of malware are used recently such as UdpRat or DDoS IRC Bot developed with GoLang, but njRAT had been used in multiple attacks in the past. The ASEC analysis team has recently found njRAT being…
