malware

Dridex Distributed with “Merry Christmas!” Excel File

The ASEC analysis team has discovered Excel files containing a Dridex downloader being distributed during the Christmas season. The team has continuously been posting on the ASEC blog about the distribution of Dridex through Excel file macros (see links below). Dridex is a banking malware that collects a user’s banking credentials and performs malicious behaviors by receiving commands from the attacker. It is usually distributed through spam emails and performs malicious behaviors after downloading the main module through a…

Distribution of Malicious Excel Files Targeting Companies Amid Black Friday Season

Malicious Excel files are being distributed to companies amid the Black Friday season. The email confirmed today (Nov 25th) was reported by the attacked company in Korea. Attached to the email is an Excel file in the XLSB (Excel binary) format that contains an Excel 4.0 Macro (XLM) macro sheet. It checks whether the system is a domain controller, then activates additional malicious features. The filename of the attached Excel file has a format of ‘promo…

North Korea-related Malicious Document Files Using CVE-2021-40444 Vulnerability

The ASEC analysis team has recently discovered the distribution of malicious files that exploit a new vulnerability, CVE-2021-40444, which was disclosed by Microsoft in September. It is noteworthy that the confirmed document files are all North Korea-related materials. North Korea-related malicious files have continued to evolve in new ways. The attackers’ use of a new vulnerability shows that they are quickly applying new techniques in their distribution. CVE-2021-40444 is a remote code execution vulnerability in MSHTML. MSHTML…

Malicious Excel File Using Macro Sheets Being Distributed in Korea (2)

The ASEC analysis team has found multiple distributions of malicious Excel files that use macro sheets (Excel 4.0 Macro) via phishing emails. The use of macro sheets is a method commonly used by distributors, and it was also used in the distribution of malware such as SquirrelWaffle and Qakbot. Malware that uses macro sheets was mentioned in previous blog posts as well. The distribution is not that different from previous methods, but considering that the files in…

Phishing PDF Files with CAPTCHA Screen Being Mass-distributed

Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon opening the PDF file, but it is not a valid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. The related types collected by AhnLab’s ASD infrastructure since July amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….