InfoStealer

Warning Against Infostealer Infections Upon Executing Legitimate EXE Files (DLL Hijacking)

Caution is advised, as an Infostealer that relies on the execution of legitimate EXE files is actively being distributed. The threat actor distributes a legitimate EXE file with a valid signature together with a malicious DLL, compressed into the same directory. The EXE file itself is legitimate, but when it is executed in the same directory as the malicious DLL, it automatically loads that malicious DLL. This technique is called DLL hijacking and is often used in the distribution of malware. The distribution…

Caution When Using 3CX DesktopApp (CVE-2023-29059)

Overview: Details about how supply chains were attacked through the 3CX DesktopApp have been published. [1] This software provides users with various communication functions, such as voice calls and video conferences, and runs on both Windows and macOS. Currently, the 3CX company is preparing to issue a new certificate, and until then it is instructing users to use alternative software. Description: Regarding this, the distributed malware is confirmed to include modules that perform malicious functions and is…

AsyncRAT Being Distributed as Windows Help File (*.chm)

Malware distribution methods have been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file format (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. Recently, the distribution of AsyncRAT through CHM files has been confirmed. The overall operation process is shown in Figure 1, and each step is explained below. First, unlike the types covered in the…

Vidar Stealer Exploiting Various Platforms

Vidar is one of the active Infostealers, and its distribution has been increasing significantly. Its characteristics include the use of well-known platforms such as Telegram and Mastodon as intermediary C2 channels. The link below is a post about a case where malicious behaviors were performed using Mastodon. Since then, Vidar has continued to receive version updates while being actively distributed. In recent samples in circulation, various other platforms such as Steam and TikTok were used in addition to Telegram and Mastodon…