ViperSoftX Stealing Cryptocurrencies
Malware

ViperSoftX Stealing Cryptocurrencies

AhnLab SEcurity intelligence Center (ASEC) has confirmed that the ViperSoftX attacker is continuously distributing malware to users in Korea. ViperSoftX is a type of malware that resides in infected systems and is responsible for executing threat actors’ commands and stealing cryptocurrencies. ASEC previously published an analysis of a ViperSoftX attack

  • Jun 02 2025
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
Malware

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor

AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025. ViperSoftX is typically spread through cracked software or torrents, masquerading as legitimate programs. The main characteristic of ViperSoftX is that it operates as a PowerShell

  • Apr 07 2025
Larva-24009 Threat Actor’s Spear Phishing Attack Case Report
Malware

Larva-24009 Threat Actor’s Spear Phishing Attack Case Report

AhnLab SEcurity intelligence Center (ASEC) recently confirmed that the Larva-24009 threat actor is carrying out spear phishing attacks targeting Korean users. The threat actor has been active since around 2023 and has been primarily using spear phishing attacks targeting global users. Yet it has been recently confirmed that there are

  • Oct 17 2024
Private HTS Program Continuously Used in Attacks
Malware

Private HTS Program Continuously Used in Attacks

AhnLab SEcurity intelligence Center (ASEC) has previously covered a case where Quasar RAT was distributed through private home trading systems (HTS) in the blog post “Quasar RAT Being Distributed by Private HTS Program“. The same threat actor has been continuously distributing malware, and attack cases have been confirmed even recently.

  • Jul 17 2024
GitHub Repository Used by Kimsuky Threat Group
APT

GitHub Repository Used by Kimsuky Threat Group

Overview   While analyzing the Kimsuky group’s malware, AhnLab SEcurity intelligence Center (ASEC) discovered a certain GitHub repository. An inspection revealed that a strain of the FlowerPower malware that has been distributed since 2020 was uploaded. It also contained user information exfiltrated to GitHub and was confirmed to be the

  • Jul 05 2024
ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information
Malware

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information

AhnLab SEcurity intelligence Center (ASEC) has recently discovered ViperSoftX attackers using Tesseract to exfiltrate users’ image files. ViperSoftX is a malware strain responsible for residing on infected systems and executing the attackers’ commands or stealing cryptocurrency-related information. The malware newly discovered this time utilizes the open-source OCR engine Tesseract. Tesseract

  • May 02 2024
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
APT Malware

Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed

On January 26th, 2022, the ASEC analysis team has discovered that the Kimsuky group was using the xRAT (Quasar RAT-based open-source RAT) malware. xRAT Github Address: https://github.com/tidusjar/xRAT According to the logs collected by AhnLab’s ASD (AhnLab Smart Defense) infrastructure, the attacker installed a variant of Gold Dragon on the first

  • Jan 28 2022