malware

Distribution of Malicious Excel Files Targeting Companies Amid Black Friday Season

Malicious Excel files are being distributed to companies amid the Black Friday season. The email confirmed today (Nov 25th) is an email reported by the attacked company in Korea. Attached to the email is an Excel file that contains an Excel 4.0 Macro (XLM) macro sheet in the form of the XLSB excel binary. It checks whether the system is a domain controller then activates additional malicious features. The filename of the attached Excel file has a format of ‘promo…

North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability

The ASEC analysis team has recently discovered the distribution of malicious files that include a new vulnerability CVE-2021-40444 which was revealed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have been evolving in new ways since the past. Seeing that the attackers are using a new vulnerability, they are quickly applying the new techniques in their distribution. CVE-2021-40444 is a vulnerability that allows remote code execution of MSHTML. MSHTML…

Malicious Excel File Using Macro Sheets Being Distributed in Korea (2)

The ASEC analysis team has found multiple distributions of malicious excel file that uses macro sheet (Excel 4.0 Macro) via phishing email. The use of macro sheet is a method commonly used by the distributor, and such method was also used in the distribution of malware such as SquirrelWaffle and Qakbot. The malware that uses macro sheets was mentioned in the previous blogs as well. The distribution is not that different from previous methods, but considering that the files in…

Phishing PDF Files with CAPTCHA Screen Being Mass-distributed

Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….

Malicious PowerPoint Files Constantly Being Distributed

On April 2021, the ASEC analysis team introduced the malware delivered via PowerPoint files attached to email in the ASEC blog. The team has found continuous malicious activities that use PPAM files in the form of PowerPoint and thus is sharing them. When a macro included in the PowerPoint is executed, it used mshta.exe to use blogspot website source inserted with a malicious script to attack. However, a distinct feature of this case is that it became more complicated with…