Bumblebee Being Distributed in Korea Through Email Hijacking Posted By jcleebobgatenet , June 21, 2022 The ASEC analysis team has recently discovered the active distribution of Bumblebee, a downloader type malware. It is distributed using phishing emails in ISO file, and this file contains a shortcut and malicious DLL file. There were also cases of malware being distributed to Korean users through email hijacking. The image below shows phishing emails distributing Bumblebee. They hijacked normal emails and were sent to users as replies with malicious attachments. Users who receive the email may open the attachment…
XLL Malware Distributed Through Email Posted By jcleebobgatenet , May 27, 2022 Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered being distributed last year. XLL files are Microsoft Excel add-in files that operate with the extension .xll and can be opened by Excel. One thing to note is that the files are opened with MS Excel. This means users…
Method that Tricks Users to Perceive Attachment of PDF File as Safe File Posted By jcleebobgatenet , May 25, 2022 The ASEC analysis team has discovered the distribution of info-stealer malware using Attachment feature of PDF files. This attack method was discovered previously, but as the malware of this type has resurfaced and is being actively distributed, the team would like to share the information. Note that the attacker used a simple trick of using the attachment’s name to deceive users. Acrobat Reader has a feature of adding attachments to PDF files. Files with extensions such as .bin/.exe/.bat/.chm are blacklisted…
LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails Posted By jcleebobgatenet , February 24, 2022 The ASEC analysis team has recently discovered ransomware that is being distributed emails after disguising itself as resumes or copyright-related claims. The malicious emails with such content have been steadily distributed from the past. Unlike previous emails that distributed Makop ransomware, current cases have LockBit instead. Makop Ransomware Distributed As Copyright Violation Related Materials Makop Ransomware Disguised as Resume Being Distributed in Korea The emails that are confirmed for the distribution of malware have compressed files with passwords. As shown…
Increased Phishing Attacks Disguised as Microsoft Posted By jcleebobgatenet , February 23, 2022 The ASEC analysis team has recently discovered phishing emails disguised as Microsoft login pages. As shown in the figure below, one of the collected samples is disguised as the company’s voice message to prompt users to click the attached playback file. Clicking the file redirects users to a phishing webpage disguised as a Microsoft login page. Another sample is an attachment disguised as a file that is sent with a scanner, prompting users to click the attachment. Again, clicking the…
