Statistics Report on Malware Threat in Q4 2023

Overview: AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the samples collected during Q4 2023. The malware included in the statistics is in executable format. These were reported

Distribution of Malicious LNK File Disguised as Producing Corporate Promotional Materials

Recently, AhnLab Security Emergency response Center (ASEC) has identified a malicious LNK file being distributed to financial and blockchain corporation personnel through email and other means. The malicious LNK file is distributed via URLs, and AhnLab Smart Defense (ASD) has confirmed the following URLs.

Download URLs:
hxxps://file.lgclouds001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.lgclouds001[.]com/read/?[email-account]&zw=blockchain%20corporate%20solution%20handbook%20production.zip)
hxxps://file.ssdrive001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.ssdrive001[.]com/read/?[email-account]&zw=blockchain20corporate%20solution%20solution%20production.zip)

BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool

The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous posts, BitRAT has a history of being distributed on webhards as MS Windows license verification tools and MS Office installation programs. It is likely that

Amadey Bot Being Distributed Through SmokeLoader

Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey

GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email

GuLoader has ranked in the Top 5 malware keywords of the ASEC Weekly Malware Statistics again for the first time in two years. It is a downloader malware that can download additional malware, and it got its name because Google Drive is frequently used as its download URL. ASEC Weekly Malware Statistics (June

Bumblebee Being Distributed in Korea Through Email Hijacking

The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader-type malware. It is distributed through phishing emails as an ISO file, which contains a shortcut file and a malicious DLL file. There were also cases of malware being distributed to Korean users through email hijacking. The

SystemBC Being Used by Various Attackers

SystemBC is a proxy malware that has been used by various attackers for the last few years. While it has recently been distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious

Malware Being Sneakily Installed in My PC-BeamWinHTTP Malware

The weekly malware statistics that the ASEC analysis team uploads show that the number of occurrences of a downloader-type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3