Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in February 2024

Statistics of Malware in Distribution Targeting the Financial Sector

Top 10 Major Malware Targeting the Financial Sector

| Attack Stage | Malware Type | MD5 Hash |
|---|---|---|
| Stage 1 | Phishing | f7db2045ef80e8e4c86db829ec0b6ee6 |
| Stage 1 | WebShell | b597418bea2ff4da50540ed191e1bb55 |
| Stage 2 | HackTool | 18cfc7e41afdeb10b15a54e6e39f0463 |
| Stage 2 | HackTool | 110dde62258542a1bcdc15a2af5b54d2 |
| Stage 2 | Dropper | 19c2decfa7271fa30e48d4750c1d18c1 |
| Stage 2 | Dropper | 27ef6917fe32685fdf9b755eb8e97565 |

Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in January 2024

Statistics of Malware Targeting the Financial Sector

Top 10 Major Malware Targeting the Financial Sector

| Attack Phase | Malware Category | MD5 Hash |
|---|---|---|
| Phase 1 | Phishing | F57FA515AFB84F034B5025CF597C2AB4 |
| Phase 1 | Phishing | 03267C03B3511FEFE59C54E582E7A7C9 |
| Phase 2 | Backdoor | 82D0F2A189262D9555D6DB9723645D07 |
| Phase 2 | Backdoor | 2F06DD4E6D4C72032CDE55C3D0E88FD3 |
| Phase 2 | Downloader | 87982F1F940CC4AD215CE2DD3FE45678 |
| Phase 2 | Dropper | 06AF7E3BD05111DA4DEBC5454B92ED0E |

Phase 3

Statistics Report on Malware Threat in Q4 2023

Overview

AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the samples collected during Q4 2023. The malware included in the statistics is in executable format. These were reported

Distribution of Malicious LNK File Disguised as Producing Corporate Promotional Materials

Recently, AhnLab Security Emergency response Center (ASEC) identified a malicious LNK file being distributed to personnel at financial and blockchain corporations through email and other means. The malicious LNK file is distributed via URLs, and AhnLab Smart Defense (ASD) has confirmed the following URLs.

Download URLs
hxxps://file.lgclouds001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.lgclouds001[.]com/read/?[email-account]&zw=blockchain%20corporate%20solution%20handbook%20production.zip)
hxxps://file.ssdrive001[.]com/read/?[이메일 계정]&zw=블록체인%20기업%20솔루션%20편람%20제작.zip (hxxps://file.ssdrive001[.]com/read/?[email-account]&zw=blockchain%20corporate%20solution%20handbook%20production.zip)

BitRAT and XMRig CoinMiner Being Distributed via Windows License Verification Tool

The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous posts, BitRAT has a history of being distributed on webhards as MS Windows license verification tools and MS Office installation programs. It is likely that

Amadey Bot Being Distributed Through SmokeLoader

Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey

GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email

GuLoader has ranked in the Top 5 malware keywords of the ASEC Weekly Malware Statistics again for the first time in two years. It is a downloader malware that can download additional malware, and it got its name because Google Drive is frequently used as its download URL. ASEC Weekly Malware Statistics (June

Bumblebee Being Distributed in Korea Through Email Hijacking

The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader-type malware. It is distributed via phishing emails as an ISO file, which contains a shortcut and a malicious DLL file. There were also cases of malware being distributed to Korean users through email hijacking. The

SystemBC Being Used by Various Attackers

SystemBC is a proxy malware that has been used by various attackers for the last few years. While it has recently been distributed through SmokeLoader or Emotet, this malware has steadily been used in various ransomware attacks in the past. When an attacker attempts to access a certain address with malicious

Malware Being Sneakily Installed in My PC-BeamWinHTTP Malware

The malware statistics that the ASEC analysis team uploads every week show that the number of occurrences of a downloader-type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3