Scam Mail Prompting Bitcoin Deposit Being Distributed
Posted By jcleebobgatenet, September 28, 2021
The ASEC analysis team has confirmed that a scam mail intended to steal Bitcoins is being distributed in Korea. The mail contains information about depositing Bitcoins. When users click the malicious URL in the mail, they are redirected to a scam website. As seen below, the scam mail is distributed with the title ‘Bitcoin Payment’ and the sender disguised as Admin Support. Inside the mail is a message saying 25 BTC ($1,184,081.00 USD) was deposited in the portfolio…

CryptBot Info-stealing Malware Distributed Through Phishing Sites
Posted By jcleebobgatenet, June 8, 2021
The ASEC analysis team previously introduced a phishing site distributing malware disguised as a utility program. When the name of the utility program is searched on Google, the malware appears relatively near the top of the results. It is still being actively distributed, and the infection process has been changing continually. In this post, the team will explain the infection process of the recently distributed malware file, which is globally known as CryptBot. Figure 1 and Figure 2 show…

Makop Ransomware Distributed As Copyright Violation Related Materials
Posted By jcleebobgatenet, May 13, 2021
The ASEC analysis team has recently shared information about the distribution of Makop ransomware disguised as job applications. This week, the team confirmed that the ransomware is being distributed via e-mails that contain materials related to copyright violation. Unlike last time, the compressed file is attached with the .dat extension instead of .zip, and to avoid the e-mail attachment scan, the date the mail was distributed was used as the password. Inside the attached file, there is a file…

Malicious Word Documents with External Link of North Korea Related Materials
Posted By jcleebobgatenet, March 29, 2021
The ASEC analysis team has previously introduced various types of document-based malware. Among them, malicious documents with North Korea related materials were generally produced in the HWP file format. You can check the relevant information in previous ASEC blog posts. Today, some of the DOC (Word) documents containing North Korea related materials collected by the ASEC analysis team will be introduced. These documents are assumed to be distributed via email, and they had the following content. Upon opening, it connects to ‘External URL’…

Distribution of Malware via Resume/Copyright-Related Emails (Ransomware, Infostealer)
Posted By jcleebobgatenet, February 25, 2021
The ASEC analysis team has confirmed that malware disguised as a resume is still being distributed. This time, it is disguised as resume and copyright-related files. The recently distributed file also takes the form of NSIS (Nullsoft Scriptable Install System) and is being distributed under various filenames, translated below.
Outline on the original image (the image I created) and the image you are currently using.exe
You have violated copyright laws and here is the summary of…