Android Malware & Security Issue 1st Week of August, 2024

ASEC Blog publishes “Android Malware & Security Issue 1st Week of August, 2024”

Analysis Report on Malicious App Using Steganography

1. Overview

Steganography is a data hiding technique that involves embedding data to be concealed within a normal file. It is commonly used in Windows environments to insert malware into a normal file to evade detection by anti-malware products and aims to operate covertly when the program is executed.

New InnoSetup Malware Created Upon Each Download Attempt

AhnLab SEcurity intelligence Center (ASEC) has discovered the distribution of a new type of malware that is disguised as cracks and commercial tools. Unlike past malware which performed malicious behaviors immediately upon being executed, this malware displays an installer UI and malicious behaviors are executed upon clicking buttons during the

Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)

AhnLab SEcurity intelligence Center (ASEC) has identified the details of the Kimsuky threat group recently exploiting a vulnerability (CVE-2017-11882) in the equation editor included in MS Office (EQNEDT32.EXE) to distribute a keylogger. The threat actor distributed the keylogger by exploiting the vulnerability to run a page with an embedded malicious

Distribution of MSIX Malware Disguised as Notion Installer

An MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to the actual Notion homepage. The user gets a file named “Notion-x86.msix” upon clicking the download button. This file is a Windows app installer, and it is signed with a valid certificate.

Vidar Stealer Exploiting Various Platforms

Vidar malware is one of the active infostealers, and its distribution has been increasing significantly. Its characteristics include the use of well-known platforms such as Telegram and Mastodon as an intermediary C2. The link below is a post about a case where malicious behaviors were performed using Mastodon. Vidar Exploiting

Word Documents Disguised as Normal MS Office URLs Being Distributed

Recently, there has been a case of malware disguised as a Word document being distributed through certain paths (e.g. KakaoTalk group chats). The ASEC analysis team has discovered during our additional monitoring process that the URL used in the fake Word document is becoming very cleverly disguised to closely resemble the

Koxic Ransomware Being Distributed in Korea

It has been discovered that Koxic ransomware is being distributed in Korea. It was first identified earlier this year, and recently, the team found that a file with a modified appearance and internal ransom note had been detected and blocked via the ASD infrastructure. When infected, the “.KOXIC_[random string]” extension

Emotet Being Distributed Again via Excel Files After 6 Months

Over multiple blog posts, the ASEC analysis team has released information on the distribution of Emotet which had been modified in many different ways. It has recently been identified that the Emotet malware has become active again. Around six months have elapsed since the last active distribution. This post will

Distribution of Word File (External + RTF) Modified to Avoid Detection

Malicious MS Office Word documents have long been used to distribute additional RTF malware by exploiting the fact that Word files allow external connections. AhnLab has now identified that files which appear to have been modified to avoid anti-malware detection are being distributed in Korea. Distribution of RTF