Phishing Script Files Being Distributed by Impersonating Various Groupware Posted By jcleebobgatenet , February 7, 2022 The ASEC analysis team introduced ‘phishing websites targeting Korean email service users’ last year May through the TI analysis report and ASEC blog post. The team showed back then how the attackers leaked user credentials targeting users of NAVER WORKS, MAILPLUG, hiworks, Chollian, and Daum. Files that disguise themselves as company groupware login webpage to leak user account credentials are one of the common phishing types that have been distributed, with slight changes occurring in email title, content, name of…
North Korea-related Hangul Word Processor (HWP) File Being Distributed Posted By jcleebobgatenet , December 29, 2021 The ASEC analysis team has recently discovered that North Korea-related HWP file was being distributed. The operation method is not through a vulnerability, but instead, a hyperlink is inserted on the screen the user is exposed to upon running the file, prompting the user to click, and upon clicking, executables inside the file will run. Executables inside the file as such are often found in normal HWP files, and it can be considered a normal feature that is possible via…
Dridex Distributed with “Merry Christmas!” Excel File Posted By jcleebobgatenet , December 28, 2021 The ASEC analysis team has discovered Excel files with Dridex downloader being distributed during the Christmas season. The team has continuously been uploading posts in the ASEC blog about the distribution of Dridex with the Excel file macro (see links below). Dridex is a banking malware that collects a user’s banking credentials and performs malicious behaviors by receiving commands from the attacker. It is usually distributed through spam emails and performs malicious behaviors after downloading the main module through a…
Distribution of Malicious Excel Files Targeting Companies Amid Black Friday Season Posted By jcleebobgatenet , November 30, 2021 Malicious Excel files are being distributed to companies amid the Black Friday season. The email confirmed today (Nov 25th) is an email reported by the attacked company in Korea. Attached to the email is an Excel file that contains an Excel 4.0 Macro (XLM) macro sheet in the form of the XLSB excel binary. It checks whether the system is a domain controller then activates additional malicious features. The filename of the attached Excel file has a format of ‘promo…
North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability Posted By jcleebobgatenet , November 22, 2021 The ASEC analysis team has recently discovered the distribution of malicious files that include a new vulnerability CVE-2021-40444 which was revealed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have been evolving in new ways since the past. Seeing that the attackers are using a new vulnerability, they are quickly applying the new techniques in their distribution. CVE-2021-40444 is a vulnerability that allows remote code execution of MSHTML. MSHTML…
