Phishing PDF Files with CAPTCHA Screen Being Mass-distributed Posted By jcleebobgatenet , November 5, 2021 Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….
Phishing Attacks Disguised as Microsoft, Targeting Corporate Users Posted By jcleebobgatenet , November 1, 2021 The ASEC analysis team has recently discovered phishing attacks disguised as Microsoft are being sent to corporate users. As shown in the figure below, the sender of the phishing e-mail is disguised as Microsoft, and the e-mail is distributed with the subject of “Password Expiring Notice”. The body of the e-mail says, “Your password to a certain account has expired today. Use same password to keep access to your Office365 account.” Upon clicking the text “KEEP YOUR PASSWORD”, a screen…
Malicious Excel File Disguised as an Invoice, Possibly Targeting Companies Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has recently discovered a malicious Excel file disguised as an invoice. This file is being distributed as an e-mail attachment with the filename of Invoice-[number]_date.xlsb. The following is the malicious e-mail that is being distributed in Korea. Upon running the Excel file, editing is restricted, prompting users to click the image within the file (see figure below). As the macro is designated to this image, the user must click the image for the macro to be…
Daum Phishing E-mails Disguised as ‘Purchase Order’ being Distributed Posted By jcleebobgatenet , October 25, 2021 One of the most frequently used methods for the distribution of malware is using phishing e-mails. The ASEC analysis team has introduced specific phishing attacks as well as the types of phishing e-mails in previous blog posts. Similar to the previous cases, the team has found a phishing e-mail that aims to leak Daum account credentials. Considering that the e-mail has a specific university set as its sender and recipient (see Figure 1), it appears that it was written to…
Scam Mail Prompting Bitcoin Deposit Being Distributed Posted By jcleebobgatenet , September 28, 2021 The ASEC analysis team has confirmed that a scam mail with the purpose of stealing Bitcoins is being distributed in Korea. The mail contains information about depositing Bitcoins. When users click the malicious URL in the mail, they are redirected to a scam website. As seen below, the scam mail is distributed with the title ‘Bitcoin Payment’ and the sender disguising as Admin Support. Inside the mail is a message saying 25 BTC ($1,184,081.00 USD) was deposited in the portfolio…