malware

Method that Tricks Users to Perceive Attachment of PDF File as Safe File

The ASEC analysis team has discovered the distribution of info-stealer malware using Attachment feature of PDF files. This attack method was discovered previously, but as the malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used a simple trick of using the attachment’s name to deceive users. Acrobat Reader has a feature of adding attachments to PDF files. Files with extensions such as .bin/.exe/.bat/.chm are blacklisted…

[Caution] Virus/XLS Xanpei Infecting Normal Excel Files

The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a downloader and performing DNS Spoofing, therefore, users need to take great caution. The common trait of the malware strains is to spread the virus through the VBA (Visual Basic for Applications) codes included in Excel files. Upon opening the infected Excel…

Distribution of ClipBanker Disguised as Malware Creation Tool

The ASEC analysis team has recently discovered a distribution of ClipBanker disguised as a malware creation tool. ClipBanker is a malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes it to the address designated by the attacker. Such type of malware has been continuously distributed since the past. The website that distributes ClipBanker is called ‘Russia black hat’ as shown below. It has various programs related to…

Distribution of Remcos RAT Disguised as Tax Invoice

The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. Within the email, it has a short message written in awkward grammar. As users who are doing tax-related work may run the executable without a second thought about what’s written within the email, caution is advised. Upon decompressing the attachment ‘Tax.gz’, an…

New Infostealer ‘ColdStealer’ Being Distributed

The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous ASEC blog posts. There are two cases for this type of malware distribution: 1. Distributing a single type of malware such as CryptBot or RedLine2. Dropper-type malware decompressing and executing various internal malware strains ColdStealer was distributed with the…