RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files
AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign
September 2025 Trends Report on Phishing Emails
This report provides the statistics, trends, and case information on the distribution quantity, attachment-based threats, and phishing emails collected and analyzed for a month in September 2025. Below is a portion of the statistics and cases included in the original report. 1) Statistics of phishing email threats In September 2025,
Phishing PDF Files Downloading Malicious Packages
AhnLab Security Emergency response Center (ASEC) observed the distribution of PDF files that contain malicious URLs. The domains linked from the PDF files indicate that similar PDFs are being distributed under the guise of downloading certain games or crack versions of program files. Below is a list of some of
Phishing PDF Files with CAPTCHA Screen Being Mass-distributed
Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by
