phishing

NSIS Type of LockBit 3.0 Ransomware Disguised as Job Application Emails Being Distributed

In February and June, the ASEC Analysis team posted in the blog about LockBit 2.0 ransomware being distributed via email. In this blog, we will introduce the new version of the LockBit 3.0 ransomware that is still being distributed through similar method. While in June there were multiple cases of the ransomware being distributed disguised as a copyright-related email, recently it is being distributed as a phishing email disguised as an email on the subject of job applications. As shown in…

Phishing Websites Disguised as Korean Groupware Login Website Being Distributed

The ASEC analysis team has been building a honeypot to collect various malware strains that are being distributed both in Korea and overseas. The honeypot also collects phishing emails and recently caught one targeting Korean users, which was being distributed continuously to Korean email accounts only since August. The phishing website the email is redirected to is disguised as a login page for a Korean groupware site, and over 2,500 cases were confirmed to access the website. Thus users must…

Phishing Email Disguised as Korean Web Portal Page (Daum)

On July 21st, the ASEC analysis team discovered the distribution of phishing email disguised as Daum, one of Korea’s portal websites. The email was made to resemble an estimate request by including RFQ on the title. It uses its attachment to lead the user to a phishing webpage. The attachment is an HTML file, and opening the file automatically redirects the user to the following URL. hxxps://euoi8708twufevry4yuwfywe8y487r.herokuapp[.]com/sreverse.php After redirection, the phishing webpage (see Figure 3 on the left) disguised as…

GuLoader Disguised as Estimate Requests Being Distributed via Phishing Email

GuLoader has ranked again in Top 5 malware keywords of ASEC Weekly Malware Statistics for the first time in two years. It is a downloader malware that can download additional malware, and got its name as Google Drive is frequently used as its download URL. The ASEC analysis team has discovered that this type of malware took the most portion among Downloader malware types that were distributed during the 2nd quarter of this year (see figure below). Recently discovered case…

Bumblebee Being Distributed in Korea Through Email Hijacking

The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader type malware. It is distributed using phishing emails in ISO file, and this file contains a shortcut and malicious DLL file. There were also cases of malware being distributed to Korean users through email hijacking. The image below shows phishing emails distributing Bumblebee. They hijacked normal emails and were sent to users as replies with malicious attachments. Users who receive the email may open the attachment…