Emails Disguised as ‘Emirates Post’ Being Distributed During the Overseas Direct Purchase Season Posted By jcleebobgatenet , November 24, 2021 The ASEC analysis team has introduced numerous phishing websites disguised as various companies. The team has recently discovered a malicious email disguised as Emirates Post, a transport company, during the overseas direct purchase season. As shown in the figure below, the malicious email states that there is a problem with the shipping address, requesting the purchaser to check and return. The texts “Tracking Number” and “Click Here” contain a malicious URL that redirects the clicker to the phishing website. It…
Phishing PDF Files with CAPTCHA Screen Being Mass-distributed Posted By jcleebobgatenet , November 5, 2021 Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….
Phishing Attacks Disguised as Microsoft, Targeting Corporate Users Posted By jcleebobgatenet , November 1, 2021 The ASEC analysis team has recently discovered phishing attacks disguised as Microsoft are being sent to corporate users. As shown in the figure below, the sender of the phishing e-mail is disguised as Microsoft, and the e-mail is distributed with the subject of “Password Expiring Notice”. The body of the e-mail says, “Your password to a certain account has expired today. Use same password to keep access to your Office365 account.” Upon clicking the text “KEEP YOUR PASSWORD”, a screen…
Malicious Excel File Disguised as an Invoice, Possibly Targeting Companies Posted By jcleebobgatenet , October 28, 2021 The ASEC analysis team has recently discovered a malicious Excel file disguised as an invoice. This file is being distributed as an e-mail attachment with the filename of Invoice-[number]_date.xlsb. The following is the malicious e-mail that is being distributed in Korea. Upon running the Excel file, editing is restricted, prompting users to click the image within the file (see figure below). As the macro is designated to this image, the user must click the image for the macro to be…
Daum Phishing E-mails Disguised as ‘Purchase Order’ being Distributed Posted By jcleebobgatenet , October 25, 2021 One of the most frequently used methods for the distribution of malware is using phishing e-mails. The ASEC analysis team has introduced specific phishing attacks as well as the types of phishing e-mails in previous blog posts. Similar to the previous cases, the team has found a phishing e-mail that aims to leak Daum account credentials. Considering that the e-mail has a specific university set as its sender and recipient (see Figure 1), it appears that it was written to…
