January 2026 Infostealer Trend Report
This report provides statistics, trends, and case information regarding the distribution quantity, distribution methods, and obfuscation techniques of Infostealer malware collected and analyzed during the month of January 2026. Below is a summary of the original report content. 1) Data Sources and Collection Methods AhnLab Security Intelligence Center (ASEC)
June 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware including the distribution volume, distribution methods, and disguises based on the data collected and analyzed in June 2025. The following is a summary of the report. 1) Data Sources and Collection Methods AhnLab SEcurity intelligence Center (ASEC)
March 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during March 2025. Below is a summary of the report. 1. Data Sources and Collection Methods To proactively repond to Infostealer, AhnLab SEcurity intelligence Center (ASEC)
February 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during February 2025. Below is a summary of the report. 1. Data Sources and Collection Methods To proactively repond to Infostealer, AhnLab SEcurity intelligence Center (ASEC)
January 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during January 2025. Below is a summary of the report’s content. 1. Data Sources and Collection Methods To proactively respond to Infostealer, AhnLab Security Emergency response
XLoader Executed Through JAR Signing Tool (jarsigner.exe)
Recently, AhnLab SEcurity intelligence Center (ASEC) identified the distribution of XLoader malware using the DLL side-loading technique. The DLL side-loading attack technique saves a normal application and a malicious DLL in the same folder path to enable the malicious DLL to also be executed when the application is run. The
FormBook Malware Being Distributed as .NET
AhnLab’s ani-malware software, V3, detects and responds to malware with a variety of detection features including the App Isolate Scan feature. The App Isolate Scan detects and quarantines suspicious processes. This allows quarantining malware such as Infostealer and downloader in a virtual environment for detection. Therefore, V3 can protect users
Method that Tricks Users to Perceive Attachment of PDF File as Safe File
The ASEC analysis team has discovered the distribution of info-stealer malware using Attachment feature of PDF files. This attack method was discovered previously, but as the malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used
Change in Distribution Method of Malware Disguised as Estimate (VBS Script)
Last year, the ASEC analysis team has discovered the distribution of Formbook that used a certain company’s name in its filename. Recently, the team has discovered that it is being distributed via VBS file. The email used for distribution still contains details about a request for an estimate, and by
Received Estimate/Purchase Order Email? Take Caution When Opening Them!
With the start of 2021, malicious emails disguised as business emails are being discovered as numerous companies have started their business. Thus, users must remain vigilant when opening email. The discovered attacks used e-mails disguised as business-related content, such as ‘estimate request’ or ‘purchase orders,’ with malicious files attached. Upon
