Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2)
AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware—they are stealing well-known channels that already exist to achieve their goal. In one of the cases,
Infostealers Extorting Web Browser Account Credentials Detected by AhnLab EDR
Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web services such as shopping. This is the case for both individual users and employees conducting business in companies. To use
Warning Against Infostealer Disguised as Installer
The StealC malware disguised as an installer is being distributed en masse. It was identified as being downloaded via Discord, GitHub, Dropbox, etc. Considering the cases of distribution using similar routes, it is expected to redirect victims multiple times from a malicious webpage disguised as a download page for a
Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in February 2024
Statistics of Malware in Distribution Targeting the Financial Sector Top 10 Major Malware Targeting the Financial Sector Attack Stage Malware Type MD5 Hash Stage 1 Phishing f7db2045ef80e8e4c86db829ec0b6ee6 Stage 1 WebShell b597418bea2ff4da50540ed191e1bb55 Stage 2 HackTool 18cfc7e41afdeb10b15a54e6e39f0463 Stage 2 HackTool 110dde62258542a1bcdc15a2af5b54d2 Stage 2 Dropper 19c2decfa7271fa30e48d4750c1d18c1 Stage 2 Dropper 27ef6917fe32685fdf9b755eb8e97565
Distribution of MSIX Malware Disguised as Notion Installer
An MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to that of the actual Notion homepage. The user gets a file named “Notion-x86.msix” upon clicking the download button. This file is Windows app installer, and it is signed with a valid certificate.
Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in January 2024
Statistics of Malware Targeting the Financial Sector Top 10 Major Malware Targeting the Financial Sector Attack Phase Malware Category MD5 Hash Phase 1 Phishing F57FA515AFB84F034B5025CF597C2AB4 Phase 1 Phishing 03267C03B3511FEFE59C54E582E7A7C9 Phase 2 Backdoor 82D0F2A189262D9555D6DB9723645D07 Phase 2 Backdoor 2F06DD4E6D4C72032CDE55C3D0E88FD3 Phase 2 Downloader 87982F1F940CC4AD215CE2DD3FE45678 Phase 2 Dropper 06AF7E3BD05111DA4DEBC5454B92ED0E Phase 3
Statistics Report on Malware Threat in Q4 2023
Overview AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the ones collected during Q4 2023. The malware included in the statistics are in the executable format. These were reported
Infostealer Being Distributed via Spam Email (AgentTesla)
AhnLab Security Emergency response Center (ASEC) spotted the AgentTesla Infostealer being distributed through an email in the form of a malicious BAT file. When the BAT file is executed, it employs the fileless method to run AgentTesla (EXE) without creating the file on the user’s PC. This blog post will
Caution When Using 3CX DesktopApp (CVE-2023-29059)
Overview Details about how supply chains were attacked through the 3CX DesktopApp were published. [1] This software provides users with various communication functions, such as voice calls and video conferences, and can be operated on both Windows and MAC operating systems. Currently, the 3CX company is preparing to issue a new
AsyncRAT Being Distributed as Windows Help File (*.chm)
The distribution method of malware has been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. APT Attack Being
