malware

Malicious PowerPoint Files Constantly Being Distributed

On April 2021, the ASEC analysis team introduced the malware delivered via PowerPoint files attached to email in the ASEC blog. The team has found continuous malicious activities that use PPAM files in the form of PowerPoint and thus is sharing them. When a macro included in the PowerPoint is executed, it used mshta.exe to use blogspot website source inserted with a malicious script to attack. However, a distinct feature of this case is that it became more complicated with…

APT Attacks Using PDF Files, Possibly by North Korea Related Group

Targeted attacks using PDF files have been confirmed, and it seems the group related to North Korea is behind these attacks. While the attack group is thought to be either Kimsuky or Thallium, it might be another group that mimicked those two. The related information was already reported in the press, but this post will additionally reveal previously undisclosed IOC and analysis information such as environments for vulnerabilities. The attacker used PDF files as bait. Malicious JavaScript included in the…

NanoCore RAT Disguised as Notification of Foreign Currency Remittance Being Spread!

The ASEC analysis team recently discovered that the NanoCore remote access Trojan (RAT) disguised as notification of foreign currency remittance was distributed. Because the malware is usually spread through phishing mails, users need to take extra caution. The mail impersonates a capital company and is distributed with the title “[** Capital] Notification for Foreign Currency Remittance” as shown below, tricking the user to check the attached file and run it. It is assumed that the sender took an image that…

Malware Disguised as Job Offer Letter

The ASEC analysis team has recently discovered that KPOT Infostealer is being distributed via spam mails containing word files. There has been a number of cases ultimately downloading Infostealer programs when the macro was enabled, but this case is noticeable in that it used a word file with a particular password in a spam mail disguised as a job offer letter to trick users. While how the e-mail came to be spread has not yet been identified, it appears that…

Fileless Remcos RAT Malware Delivery

The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of coming into the system through spam mails is the same as before, it should be noted that the Remcos RAT malware is ultimately delivered filelessly after going through multiple loader stages. In summary, the overall operation method is as follows: The attacker attaches…