Statistics Report on Malware Threat in Q4 2023
Overview AhnLab uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the ones collected during Q4 2023. The malware included in the statistics are in the executable format. These were reported
Infostealer Being Distributed via Spam Email (AgentTesla)
AhnLab Security Emergency response Center (ASEC) spotted the AgentTesla Infostealer being distributed through an email in the form of a malicious BAT file. When the BAT file is executed, it employs the fileless method to run AgentTesla (EXE) without creating the file on the user’s PC. This blog post will
Caution When Using 3CX DesktopApp (CVE-2023-29059)
Overview Details about how supply chains were attacked through the 3CX DesktopApp were published. [1] This software provides users with various communication functions, such as voice calls and video conferences, and can be operated on both Windows and MAC operating systems. Currently, the 3CX company is preparing to issue a new
AsyncRAT Being Distributed as Windows Help File (*.chm)
The distribution method of malware has been diversifying as of late. Among these methods, a malware strain that uses the Windows Help file (*.chm) has been on the rise since last year, and has been covered multiple times in ASEC blog posts like the ones listed below. APT Attack Being
Vidar Stealer Exploiting Various Platforms
Vidar Malware is one of the active Infostealers, and its distribution has been significantly increasing. Its characteristics include the use of famous platforms such as Telegram and Mastodon as an intermediary C2. The link below is a post about a case where malicious behaviors were performed using Mastodon. Vidar Exploiting
Malware Distributed with Disguised Filenames (RIGHT-TO-LEFT OVERRIDE)
In August, the ASEC analysis team made a post on the malware being distributed with filenames that utilize RTLO (Right-To-Left Override). RTLO is a unicode that makes an override from right to left. This type of malware induces users to execute its files by mixing filenames with extensions, with its
FormBook Malware Being Distributed as .NET
AhnLab’s ani-malware software, V3, detects and responds to malware with a variety of detection features including the App Isolate Scan feature. The App Isolate Scan detects and quarantines suspicious processes. This allows quarantining malware such as Infostealer and downloader in a virtual environment for detection. Therefore, V3 can protect users
Amadey Bot Being Distributed Through SmokeLoader
Amadey Bot, a malware that was first discovered in 2018, is capable of stealing information and installing additional malware by receiving commands from the attacker. Like other malware strains, it has been sold in illegal forums and used by various attackers. The ASEC analysis team previously revealed cases where Amadey
New Info-stealer Disguised as Crack Being Distributed
The ASEC analysis team has previously uploaded posts about various malware types that are being distributed by disguising themselves as software cracks and installers. CryptBot, RedLine, and Vidar are major example cases. Recently, a single malware type of RedLine has disappeared (it is still being distributed as a dropper type)
XLL Malware Distributed Through Email
Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered being distributed last year. XLL files are Microsoft Excel
