phishing

Malicious Word Documents with External Link of North Korea Related Materials

In the previous, ASEC analysis team has introduced various types of document-based malware. Among them, malicious documents of North Korea related materials were generally produced in HWP file format. You can check the relevant information from previous ASEC blog posts. Today, DOC (Word) documents containing North Korea related materials collected by ASEC analysis team will partially be introduced. These documents are assumed to be distributed via email, and they had following content within. Upon opening, it connects to ‘External URL’…

Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer)

ASEC analysis team has confirmed the malware under the disguise of a resume is still being distributed. This time, it disguised as resume and copyright-related files. The file that is being recently distributed also takes the form of NSIS (Nullsoft Scriptable Install System) and is being distributed under various filenames as translated below. Outline on the original image (the image I created) and the image you are currently using.exe You have violated copyright laws and here is the summary of…

Caution – Emails with the Title ‘Request for Purchase Order’ being Distributed to Companies

Multiple malicious emails with the title ‘Request for Purchase Order’ are being distributed to multiple companies. These spam mail attacks, which were first distributed in the second half of last year to random companies with the purpose of stealing user account, are still being distributed. To steal a user’s company email account, the attacker either prompted the users to access a phishing web page, or distributed executable of Lokibot, the info-stealer malware. So far, two titles are found in the…

Info Theft Malware Distribution Phishing Campaign

The ASEC analysis team discovered a phishing site that distributes info-stealer malware by disguising it as a crack program of a normal utility. As shared in the post posted on June 29th (https://asec.ahnlab.com/ko/1339/), the phishing site appears in the top results when the utility program name is searched along with “Crack” on Google. It is assumed that many users were infected when they accessed the said site to download the crack of the utility program. As shown in Figure 2,…

Emotet is Back and Spamming Again!

Emotet is back after almost five months of absense. It disappeared in early February, 2020 and came back recently in July to resume it’s phishing campaigns. AhnLab Security Emergency-response Center(ASEC) has confirmed the return of Emotet malware through its blog on July 22nd. Emotet is an infamous botnet that is known for its phishing campaigns. Even after a five-month-long break, their old tricks of using phishing emails remained the same. Emotet’s phishing campaign can be primarily divided into three types:…