Malicious Excel File Disguised as an Invoice, Possibly Targeting Companies Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has recently discovered a malicious Excel file disguised as an invoice. This file is being distributed as an e-mail attachment with the filename of Invoice-[number]_date.xlsb. The following is the malicious e-mail that is being distributed in Korea. Upon running the Excel file, editing is restricted, prompting users to click the image within the file (see figure below). As the macro is designated to this image, the user must click the image for the macro to be…
Daum Phishing E-mails Disguised as ‘Purchase Order’ being Distributed Posted By jcleebobgatenet , October 25, 2021 One of the most frequently used methods for the distribution of malware is using phishing e-mails. The ASEC analysis team has introduced specific phishing attacks as well as the types of phishing e-mails in previous blog posts. Similar to the previous cases, the team has found a phishing e-mail that aims to leak Daum account credentials. Considering that the e-mail has a specific university set as its sender and recipient (see Figure 1), it appears that it was written to…
Scam Mail Prompting Bitcoin Deposit Being Distributed Posted By jcleebobgatenet , September 28, 2021 The ASEC analysis team has confirmed that a scam mail with the purpose of stealing Bitcoins is being distributed in Korea. The mail contains information about depositing Bitcoins. When users click the malicious URL in the mail, they are redirected to a scam website. As seen below, the scam mail is distributed with the title ‘Bitcoin Payment’ and the sender disguising as Admin Support. Inside the mail is a message saying 25 BTC ($1,184,081.00 USD) was deposited in the portfolio…
CryptBot Info-stealing Malware Distributed Through Phishing Sites Posted By jcleebobgatenet , June 8, 2021 The ASEC analysis team previously introduced a phishing site distributing malware disguised as a utility program. When searching the name of the utility program with a Google search keyword, the malware is shown relatively on the top list. It is being actively distributed even now, and the infection process has been changing continually. In this post, the team will explain the infection process of the recently distributed malware file which is globally known as CryptBot. Figure 1 and Figure 2 show…
Makop Ransomware Distributed As Copyright Violation Related Materials Posted By jcleebobgatenet , May 13, 2021 The ASEC analysis team has recently shared information about the distribution of Makop ransomware disguised as job applications. This week, the team confirmed that the ransomware is being distributed via e-mails that contain materials related to copyright violation. Unlike the last time, the compressed file is attached with the .dat extension instead of .zip and to avoid the e-mail attachment scan, the date the mail was distributed was used as a password. Inside the attached file, there is a file…
