Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in April 2024

Statistics on Malware Distributed to Financial Sectors
Statistics on Korean Accounts Exfiltrated Via Telegram by Industry
Phishing Email Distribution Cases Targeting the Financial Sector
Case 1. Targeting Yuanta Securities employees using the guise of product orders
Impersonation target – Product order
How the phishing attack

Distribution of Infostealer Made With Electron

AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron. Electron is a framework that allows one to develop apps using JavaScript, HTML, and CSS. Discord and Microsoft VSCode are major examples of applications made with Electron. Apps made with Electron are packaged and usually distributed in

Statistics Report on Malware Threat in Q1 2024

Overview
AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the samples collected during Q1 2024. The malware included in the statistics is in executable format. These were reported

Security Issues in Korean & Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in March 2024

Statistics on Malware Distributed to Financial Sectors
Statistics on Korean Accounts Exfiltrated Via Telegram by Industry
Phishing Email Distribution Cases Targeting the Financial Sector
Case 1. Targeting Korea Investment & Securities Co., Ltd. employees by disguising as a voice mail
Impersonation target – Voice mail
How the Phishing

Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2)

AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware—they are stealing well-known channels that already exist to achieve their goal. In one of the cases,

Infostealers Extorting Web Browser Account Credentials Detected by AhnLab EDR

Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web services such as shopping. This is the case for both individual users and employees conducting business in companies. To use

Warning Against Infostealer Disguised as Installer

The StealC malware disguised as an installer is being distributed en masse. It was identified as being downloaded via Discord, GitHub, Dropbox, etc. Considering the cases of distribution using similar routes, it is expected to redirect victims multiple times from a malicious webpage disguised as a download page for a

Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in February 2024

Statistics of Malware in Distribution Targeting the Financial Sector
Top 10 Major Malware Targeting the Financial Sector

Attack Stage  Malware Type  MD5 Hash
Stage 1       Phishing      f7db2045ef80e8e4c86db829ec0b6ee6
Stage 1       WebShell      b597418bea2ff4da50540ed191e1bb55
Stage 2       HackTool      18cfc7e41afdeb10b15a54e6e39f0463
Stage 2       HackTool      110dde62258542a1bcdc15a2af5b54d2
Stage 2       Dropper       19c2decfa7271fa30e48d4750c1d18c1
Stage 2       Dropper       27ef6917fe32685fdf9b755eb8e97565

Distribution of MSIX Malware Disguised as Notion Installer

An MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to the actual Notion homepage. The user gets a file named “Notion-x86.msix” upon clicking the download button. This file is a Windows app installer, and it is signed with a valid certificate.

Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in January 2024

Statistics of Malware Targeting the Financial Sector
Top 10 Major Malware Targeting the Financial Sector

Attack Phase  Malware Category  MD5 Hash
Phase 1       Phishing          F57FA515AFB84F034B5025CF597C2AB4
Phase 1       Phishing          03267C03B3511FEFE59C54E582E7A7C9
Phase 2       Backdoor          82D0F2A189262D9555D6DB9723645D07
Phase 2       Backdoor          2F06DD4E6D4C72032CDE55C3D0E88FD3
Phase 2       Downloader        87982F1F940CC4AD215CE2DD3FE45678
Phase 2       Dropper           06AF7E3BD05111DA4DEBC5454B92ED0E
Phase 3