NanoCore RAT Disguised as Notification of Foreign Currency Remittance Being Spread! Posted By jcleebobgatenet , August 23, 2021 The ASEC analysis team recently discovered that the NanoCore remote access Trojan (RAT) disguised as notification of foreign currency remittance was distributed. Because the malware is usually spread through phishing mails, users need to take extra caution. The mail impersonates a capital company and is distributed with the title “[** Capital] Notification for Foreign Currency Remittance” as shown below, tricking the user to check the attached file and run it. It is assumed that the sender took an image that…
Malware Disguised as Job Offer Letter Posted By jcleebobgatenet , August 11, 2021 The ASEC analysis team has recently discovered that KPOT Infostealer is being distributed via spam mails containing word files. There has been a number of cases ultimately downloading Infostealer programs when the macro was enabled, but this case is noticeable in that it used a word file with a particular password in a spam mail disguised as a job offer letter to trick users. While how the e-mail came to be spread has not yet been identified, it appears that…
Fileless Remcos RAT Malware Delivery Posted By jcleebobgatenet , July 29, 2021 The ASEC analysis team identified that Remcos RAT malware is being distributed through malicious macros in Excel files. As for the malware, the team introduced it in detail in the post linked below this text. While the method of coming into the system through spam mails is the same as before, it should be noted that the Remcos RAT malware is ultimately delivered filelessly after going through multiple loader stages. In summary, the overall operation method is as follows: The attacker attaches…
Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551 Posted By jcleebobgatenet , July 20, 2021 The ASEC analysis team has been continuously updating the blog with information on malicious macro files and has been urging users to take caution. This post will introduce a type of word macro file distributed recently by the attack group TA551, showing changes in an average of 1 week. For the distribution of malware, the group usually sends documents that contain malicious macros using emails. The operation method of the DOC file that downloads additional malware after dropping HTA file…
Attacker Distributing Malicious Word Document Written as Compensation Claim Form Posted By jcleebobgatenet , June 29, 2021 A malicious word document file written as ‘compensation claim form’ is being distributed again. This is speculated to be a targeted APT attack. The exact malware that used the identical document format was also discovered back in March, and the ASEC team published a post that analyzes the malware in the ASEC blog. The currently discovered word document was made recently and it contains the same content as the previous attack, but it operates differently. In this post, the team…
