RAT Tool Disguised as Solution File (*.sln) Being Distributed on Github
The ASEC analysis team has recently discovered the distribution of a RAT Tool disguised as a solution file (*.sln) on GitHub. As shown in Figure 1, the malware distributor is sharing a source code on GitHub titled “Jpg Png Exploit Downloader Fud Cryter Malware Builder Cve 2022”. The file composition
New Info-stealer Disguised as Crack Being Distributed
The ASEC analysis team has previously uploaded posts about various malware types that are being distributed by disguising themselves as software cracks and installers. CryptBot, RedLine, and Vidar are major example cases. Recently, a single malware type of RedLine has disappeared (it is still being distributed as a dropper type)
Method that Tricks Users to Perceive Attachment of PDF File as Safe File
The ASEC analysis team has discovered the distribution of info-stealer malware using Attachment feature of PDF files. This attack method was discovered previously, but as the malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used
Distribution of ClipBanker Disguised as Malware Creation Tool
The ASEC analysis team has recently discovered a distribution of ClipBanker disguised as a malware creation tool. ClipBanker is a malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes it to the address designated by the attacker.
Distribution of Remcos RAT Disguised as Tax Invoice
The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. Within the email, it has a short message written in awkward grammar.
Increased Phishing Attacks Disguised as Microsoft
The ASEC analysis team has recently discovered phishing emails disguised as Microsoft login pages. As shown in the figure below, one of the collected samples is disguised as the company’s voice message to prompt users to click the attached playback file. Clicking the file redirects users to a phishing webpage
Phishing Script Files Being Distributed by Impersonating Various Groupware
The ASEC analysis team introduced ‘phishing websites targeting Korean email service users’ last year May through the TI analysis report and ASEC blog post. The team showed back then how the attackers leaked user credentials targeting users of NAVER WORKS, MAILPLUG, hiworks, Chollian, and Daum. Files that disguise themselves as
Dridex Distributed with “Merry Christmas!” Excel File
The ASEC analysis team has discovered Excel files with Dridex downloader being distributed during the Christmas season. The team has continuously been uploading posts in the ASEC blog about the distribution of Dridex with the Excel file macro (see links below). Dridex is a banking malware that collects a user’s
Malicious PowerPoint Files Constantly Being Distributed
On April 2021, the ASEC analysis team introduced the malware delivered via PowerPoint files attached to email in the ASEC blog. The team has found continuous malicious activities that use PPAM files in the form of PowerPoint and thus is sharing them. When a macro included in the PowerPoint is
Malware Disguised as Job Offer Letter
The ASEC analysis team has recently discovered that KPOT Infostealer is being distributed via spam mails containing word files. There has been a number of cases ultimately downloading Infostealer programs when the macro was enabled, but this case is noticeable in that it used a word file with a particular
