PyBitmessage Backdoor Malware Installed with CoinMiner
The AhnLab SEcurity intelligence Center (ASEC) has recently detected a new type of backdoor malware being distributed alongside the Monero coin miner. This blog post covers malware that utilizes the PyBitmessage library to perform communications on a P2P (Peer to Peer) network and encrypt the communication content between endpoints, instead
Malware Disguised as Browser Update
Recently, AhnLab SEcurity intelligence Center (ASEC) identified the distribution of malware disguised as a browser update targeting a wide range of users. This malware is distributed through infected websites, and when users visit these sites, malicious scripts are loaded. The scripts create fake update windows for browsers like Chrome or
Fileless Revenge RAT Malware
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool
AsyncRAT Distributed via WSF Script
The AhnLab Security Emergency response Center (ASEC) analysis team previously posted about AsyncRAT being distributed via files with the .chm extension. [1] It was recently discovered that this type of AsyncRAT malware is now being distributed in WSF script format. The WSF file was found to be distributed in a
Infostealer Being Distributed via Spam Email (AgentTesla)
AhnLab Security Emergency response Center (ASEC) spotted the AgentTesla Infostealer being distributed through an email in the form of a malicious BAT file. When the BAT file is executed, it employs the fileless method to run AgentTesla (EXE) without creating the file on the user’s PC. This blog post will
AsyncRAT Being Distributed in Fileless Form
The ASEC analysis team has recently discovered that malicious AsyncRAT codes are being distributed in fileless form. The distributed AsyncRAT is executed in fileless form through multiple script files and is thought to be distributed as a compressed file attachment in emails. AsyncRAT is an open-source RAT malware developed with
Change in Magniber Ransomware Vulnerability (CVE-2021-40444)
Magniber is a fileless ransomware using an IE vulnerability and it is one of the ransomware that causes damage to numerous Korean users. It is difficult to prevent infection if not detected and blocked in advance during the vulnerability occurrence phase, which makes it difficult for anti-malware programs to detect
Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability
The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of ASEC Blog are well aware of the fact that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse
Received Estimate/Purchase Order Email? Take Caution When Opening Them!
With the start of 2021, malicious emails disguised as business emails are being discovered as numerous companies have started their business. Thus, users must remain vigilant when opening email. The discovered attacks used e-mails disguised as business-related content, such as ‘estimate request’ or ‘purchase orders,’ with malicious files attached. Upon
