InfoStealer

Infostealer Malware Azorult Being Distributed Through Spam Mails

The ASEC analysis team recently discovered that Azorult malware is being distributed through spam mails. Azorult is an infostealer that connects to a C&C server to receive DLL files and commands used to leak information, then steals information such as user data files and account information and sends it to the server. Besides account information of web browsers and email clients, screenshots, cryptocurrency information, and files designated by the attacker with certain paths and extensions can be collected as…

Vidar Info-Stealer Abusing Game Platform

The ASEC analysis team has recently found that the Vidar info-stealer malware is abusing a game matching program named Faceit to create a C&C server URL. Vidar is malware that has been steadily distributed for some time, disguised as spam mail, PUP, and the KMSAuto authentication tool. Before it performs info-stealing activities, it connects to the C&C server to receive commands and download additional DLL files to collect user information. In the past, the malware simply connected to the C&C server and received…

Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate

The ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog reveals that Lokibot has consistently remained high on the weekly statistics list. The recently discovered Lokibot malware is being distributed as an attachment file within the phishing mail, and its notable characteristic is the CAB/LZH archive file format. The e-mail is…

Malware Being Sneakily Installed in My PC-BeamWinHTTP Malware

The weekly malware statistics that the ASEC analysis team uploads show that the number of occurrences of a downloader-type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3 most distributed malware. Since it downloads various types of malware when run, users must take extra caution. BeamWinHTTP malware is executed by a PUP installer, and users who attempt to…

Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer)

The ASEC analysis team has confirmed that malware disguised as a resume is still being distributed. This time, it is disguised as resume and copyright-related files. The file that is being recently distributed also takes the form of NSIS (Nullsoft Scriptable Install System) and is being distributed under various filenames as translated below. Outline on the original image (the image I created) and the image you are currently using.exe You have violated copyright laws and here is the summary of…