Mobile Security & Malware Issue 4th Week of November, 2025

ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of November, 2025”

October 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in October 2025. Figure 1. Statistics of APT attacks in South Korea in October 2025

Distribution of Backdoor Malware with Legitimate Signature, Disguised as Steam Cleanup Tool

Multiple cases have been reported where malware disguised as the “SteamCleaner” tool for cleaning the popular game platform Steam client is being distributed. When a system is infected with this malware, a malicious Node.js script resides on the user’s PC and communicates with the C2 server periodically, allowing threat actors

September 2025 APT Attack Trends Report (South Korea)

Overview: AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in September 2025. Figure 1. Statistics of APT attacks in September 2025 In Korea, most

Distribution of SmartLoader Malware via GitHub Repository Disguised as a Legitimate Project

AhnLab SEcurity intelligence Center (ASEC) has recently discovered the massive distribution of SmartLoader malware through GitHub repositories. These repositories are carefully crafted to appear as legitimate projects and are attracting user interest by focusing on topics such as game cheats, software cracks, and automation tools. Each repository contains a README

GitHub Product Security Update Advisory (CVE-2025-3509)

Overview: We have released security updates to fix vulnerabilities in GitHub products. Users of affected products are advised to update to the latest version.

Affected Products (CVE-2025-3509): Enterprise Server Versions: 3.13.14 and earlier; Enterprise Server Versions: 3.14.11 and earlier; Enterprise Server Versions: 3.15.6 and earlier; Enterprise Server Versions: 3.16.2 and

January 2025 Threat Trend Report on APT Attacks (South Korea)

Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that have been identified over the course of a month in January 2025, as well as the features of each attack

APT Attack Disguised as a Research Paper on Russia-North Korea Partnership (Kimsuky)

AhnLab SEcurity intelligence Center (ASEC) has recently discovered an APT attack targeting Korean users. During the attack, the threat actor used a GitHub repository to which various malicious scripts and normal decoy files used for the attack had been uploaded. Figure 1. Threat actor’s GitHub repository. Malicious behaviors are performed

Malware Disguised as Browser Update

Recently, AhnLab SEcurity intelligence Center (ASEC) identified the distribution of malware disguised as a browser update targeting a wide range of users. This malware is distributed through infected websites, and when users visit these sites, malicious scripts are loaded. The scripts create fake update windows for browsers like Chrome or

GitHub Enterprise Server (GHES) Product Security Update Advisory (CVE-2024-6800)

Overview: An update has been released to address vulnerabilities in the GitHub Enterprise Server (GHES)...