Phishing Email Disguised as a Well-Known Korean Web Portal Posted By jcleebobgatenet , February 10, 2022 The ASEC analysis team has recently discovered a phishing email that impersonates a well-known Korean web portal to collect user credentials. The phishing email demands the users to upgrade the mailbox storage, prompting them to click the link. Upon clicking the link, the user is redirected to the phishing page that prompts the users to enter their password. The figure below shows the subject and the details of the email, and the link redirects the user to the phishing page….
Phishing Script Files Being Distributed by Impersonating Various Groupware Posted By jcleebobgatenet , February 7, 2022 The ASEC analysis team introduced ‘phishing websites targeting Korean email service users’ last year May through the TI analysis report and ASEC blog post. The team showed back then how the attackers leaked user credentials targeting users of NAVER WORKS, MAILPLUG, hiworks, Chollian, and Daum. Files that disguise themselves as company groupware login webpage to leak user account credentials are one of the common phishing types that have been distributed, with slight changes occurring in email title, content, name of…
Infostealer Disguised as Well-Known Korean Web Portal File Posted By jcleebobgatenet , January 12, 2022 The ASEC analysis team has discovered an infostelaer type malware disguised as a file related to a Korean web portal. The team found the NAVER.zip file in the malicious URL used in recent phishing emails with the compressed file including an executable named ‘NaverProtector.exe’. The email with the malicious URL contains information about Kakao account as shown below. When users click the <Lift Protection> button, they are redirected to hxxp://mail2.daum.confirm-pw[.]link/kakao/?email=[email address] and will have their account credentials stolen by the…
Lokibot Malware Disguised as National Tax Service Email Being Distributed Posted By jcleebobgatenet , December 8, 2021 The ASEC analysis team has recently discovered that malicious emails disguised as Hometax are consistently being distributed. The sender address used in the email is hometaxadmin@hometax.go[.]kr or hometaxadmin@hometax[.]kr, identical to the case found last year, and the email contains electronic tax invoice related materials. This type of email has consistently been distributed. In last year’s case, the email had PPT file as an attachment that has malicious macro included, but recently, it is being distributed in the form of a…
Distribution of Phishing Emails Targeting Korean Research Institutes and Companies Posted By jcleebobgatenet , December 6, 2021 The ASEC analysis team has discovered the distribution of phishing emails targeting Korean research institutes and companies to steal passwords. The phishing email impersonated an international transport company, requesting the user to submit custom information, and open the attachment file to prompt the user to click the URL. Upon clicking the link in the email, the user is redirected to a phishing page that prompts the user to enter their password. As the team has also discovered cases of distribution…
