malware

Continuously Changing Malicious Word Macro Being Distributed – Trend of TA551

The ASEC analysis team has been continuously updating the blog with information on malicious macro files and has been urging users to take caution. This post will introduce a type of word macro file distributed recently by the attack group TA551, showing changes in an average of 1 week. For the distribution of malware, the group usually sends documents that contain malicious macros using emails. The operation method of the DOC file that downloads additional malware after dropping HTA file…

Caution! Malicious Excel Macros Being Distributed Indiscriminately Through Emails!

The ASEC analysis team discovered that excel files containing the same type of malicious macros are being distributed indiscriminately through emails. Such excel files contain macros that additionally download malware. Recently, it was found that reply mails targeting random people were added with threatening text and malicious excel macro files. One feature that the three collected emails share is that they all disguise themselves as reply mails and distribute malicious macro excel files. In the example of Figure 3, the…

Attack Against Ukrainian Ministry of Defense Using E-mail Disguised as Free Bitcoin Reward

ASEC analysis team has confirmed the distribution of malicious e-mail disguised as a free Bitcoin reward that targets specific individuals in Ukrainian Ministry of Defense. This malware uses a recent hot topic, Bitcoin, and tricks people into downloading the end-stage malware through various methods. Upon downloading the PDF file attached to the e-mail, the user can see the content of the PDF file which states that Bitcoin can be received for free if the user accesses the short URL written…

Lokibot Malware Disguised as Phishing E-mail Requesting for Estimate

ASEC analysis team has discovered the distribution of Lokibot malware disguised as an estimate request e-mail. Lokibot malware has been distributed continually over several years, and a closer look at the weekly malware statistics uploaded to the ASEC blog reveals the fact that Lokibot consistently remained high on the weekly statistics list. The recently-discovered Lokibot malware is being distributed as an attachment file within the phishing mail, and its notable characteristic is the CAB/LZH archive file format. The e-mail is…

Malware Being Sneakily Installed in My PC-BeamWinHTTP Malware

The weekly malware statistics which ASEC analysis team uploads every week show that the number of occurrences for a downloader type malware named BeamWinHTTP has been on the rise for the last few weeks. According to the last ASEC weekly malware statistics, BeamWinHTTP malware is one of the top 3 most distributed malware. Since it downloads various types of malware when run, users must take extra caution. BeamWinHTTP malware is executed by a PUP installer, and users who attempt to…