DDOS

Nitol DDoS Malware Installing Amadey Bot

The ASEC analysis team recently discovered that a threat actor has been using Nitol DDoS Bot to install Amadey. Amadey is a downloader that has been in circulation since 2018; besides stealing user credentials, it can also be used to install additional malware. Amadey is being actively distributed again this year, and until very recently it has been propagating itself on websites disguised as cracks and keygens for normal software and installing other malware on…

HackHound IRC Bot Being Distributed via Webhards

Webhards are the main platforms that attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Generally, attackers distribute malware through illegal programs such as adult games and cracked versions of games. Those who use webhards as a distribution path typically install RAT-type malware such as njRAT, UdpRAT, and DDoS IRC Bot. As shown in the cases covered…

njRAT Being Distributed via Webhards

Webhards are platforms used to distribute malware, mainly by attackers who target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Various types of malware have been used recently, such as UdpRat or DDoS IRC Bot developed with GoLang, but njRAT was used in multiple attacks in the past. The ASEC analysis team has recently found njRAT being…

DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards

While monitoring the distribution sources of malware in Korea, the ASEC analysis team discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP Rat were distributed in the past. The recently discovered cases are similar to the case discussed in the post above, and it appears that the same attacker is continuing to distribute the…

Malware Being Distributed via Webhards (October 8)

The ASEC analysis team consistently monitors the distribution sources of malware in Korea, and recently the team introduced UDP Rat and the webhard posts that were used to distribute it. Since that post was uploaded, the uploader who is speculated to be the attacker has been distributing similar malware disguised as adult games via other webhards, and they are still available for download. – UDP RAT Malware Being Distributed via Webhards The figure above shows that unlike the cases before…