Ransom & Dark Web Issues Week 4, May 2025

ASEC Blog publishes Ransom & Dark Web Issues Week 4, May 2025
Six global hospitality companies listed as new victims of the Stormous ransomware. An unidentified South Korean company listed as a new victim of the Devman ransomware. Europol and Microsoft conduct an

April 2025 Infostealer Trend Report

This report provides statistics, trends, and case information on the distribution of Infostealer malware, including the distribution volume, methods, and disguises, based on the data collected and analyzed in April 2025. The following is a summary of the report.
1) Data Source and Collection Method
The AhnLab SEcurity

March 2025 Infostealer Trend Report

This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during March 2025. Below is a summary of the report.
1. Data Sources and Collection Methods
To proactively respond to Infostealer, AhnLab SEcurity intelligence Center (ASEC)

February 2025 Infostealer Trend Report

This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during February 2025. Below is a summary of the report.
1. Data Sources and Collection Methods
To proactively respond to Infostealer, AhnLab SEcurity intelligence Center (ASEC)

LummaC2 Malware Distributed Disguised as Total Commander Crack

AhnLab SEcurity intelligence Center (ASEC) has discovered the LummaC2 malware being distributed disguised as the Total Commander tool. Total Commander is a file manager for Windows that supports various file formats. It offers convenient file management features such as copy and move features, advanced search using strings within files, folder

ACRStealer Infostealer Exploiting Google Docs as C2

AhnLab SEcurity intelligence Center (ASEC) monitors Infostealer malware distributed under the guise of illegal programs such as cracks and keygens, and publishes related trends and changes through AhnLab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 Infostealer, the

January 2025 Infostealer Trend Report

This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during January 2025. Below is a summary of the report’s content.
1. Data Sources and Collection Methods
To proactively respond to Infostealer, AhnLab Security Emergency response

Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page

AhnLab SEcurity intelligence Center (ASEC) previously introduced, in the blog post "Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V)", the DarkGate malware, which spreads using the paste function. The distribution method in this case initially involved spreading malware through HTML attachments disguised as MS Word files in

Distribution of LummaC2 Infostealer Based on Legitimate Programs

LummaC2 is an Infostealer that is actively distributed disguised as illegal software such as cracks, and its distribution and creation methods are changing continuously. It has recently been distributed by being inserted into legitimate programs, so caution is needed.
Figure 1. Malware distribution page examples
When LummaC2

Distribution of SectopRAT (ArechClient2) Disguised as Notion Installer

Notion is a collaboration tool, used by many people worldwide, that provides features for managing and recording projects. Such popular programs may be targeted by threat actors, since attackers can create web pages that pretend to offer the legitimate program while hosting malware strains.
Users may end up downloading malware when