Sliver C2 Being Distributed Through Korean Program Development Company Posted By Sanseo , August 1, 2023 In the past, AhnLab Security Emergency response Center (ASEC) had shared the “SparkRAT Being Distributed Within a Korean VPN Installer” [1] case post and the “Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections” [2] case post which covered the SparkRAT malware being distributed through a Korean VPN service provider’s installer. ASEC has recently identified similar malware strains being distributed while being disguised as setup files for Korean VPN service providers and marketing program producers. Unlike the past…
Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections Posted By Sanseo , May 26, 2023 AhnLab Security Emergency response Center (ASEC) has previously covered the case where SparkRAT was distributed contained within a Korean VPN’s installer in the post, “SparkRAT Being Distributed Within a Korean VPN Installer”[1]. This VPN was commonly installed by Chinese users who required better access to the Internet, and the problem was addressed after the blog post was uploaded. However, there have been recent cases indicating the resurgence of malware distributing SparkRAT through the installer of the same VPN company. The…
