Vidar Infostealer Being Spread through Phishing Emails

Vidar Infostealer Being Spread through Phishing Emails

1. Overview First identified in 2018, Vidar operates under a Malware-as-a-Service (MaaS) model and continues to be distributed through various attack cases to this day. AhnLab SEcurity intelligence Center (ASEC) has been monitoring cases of Vidar distribution targeting Korea, and this report summarizes the Vidar distribution cases identified in the

UNC5174 Group’s Discord Bot Backdoor Malware

UNC5174 Group’s Discord Bot Backdoor Malware

Recently, AhnLab SEcurity intelligence Center (ASEC) has identified an attack leveraging a backdoor malware that uses the Discord API to establish a Command and Control (C2) infrastructure, linked to the UNC5174 threat group [1]). UNC5174 employs an operational strategy designed to maintain long-term control after initial compromise by sequentially deploying

DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards

DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards

While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP Rat were distributed in the