Proxyware Disguised as Notepad++ Tool
AhnLab SEcurity intelligence Center(ASEC) is monitoring Proxyjacking attacks and continuously disclosing distribution cases and IoCs identified in South Korea. The threat actor Larva‑25012, known for deploying Proxyware, has recently begun using malware disguised as a Notepad++ installer. In addition, the attacker is actively changing techniques to evade detection—such as injecting
Persistent Threats from the Kimsuky Group Using RDP Wrapper
AhnLab SEcurity intelligence Center (ASEC) has previously analyzed cases of attacks by the Kimsuky group, which utilized the PebbleDash backdoor and their custom-made RDP Wrapper. The Kimsuky group has been continuously launching attacks of the same type, and this post will cover additional malware that have been identified. 1.
